review-plan
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability because it interpolates untrusted plan content directly into prompts for multiple sub-agents.
- Ingestion points: The skill reads implementation plans from the filesystem via Grep or from the current conversation context as described in
SKILL.md. - Boundary markers: The prompt templates defined in
references/agent-prompts.mdlack delimiters (such as XML tags or triple dashes) to separate the plan content from the agent instructions. - Capability inventory: The skill has access to the local filesystem through Grep and invokes external capabilities via the
second-opinionandresearch-onlinetools. - Sanitization: There is no evidence of input validation or sanitization of the plan content before it is passed to the sub-agents.
Audit Metadata