executing-plans

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE | Findings: PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious code, obfuscation, or dangerous command execution patterns were found. The skill instructions follow security best practices by recommending isolated workspaces (Git worktrees) and requiring explicit user consent for operations on primary branches.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it is designed to ingest and execute instructions from external plan files.
    1. Ingestion points: Reads implementation plan files (SKILL.md Step 1).
    2. Boundary markers: No specific boundary markers or delimiters for the untrusted content are defined in the instructions.
    3. Capability inventory: The skill facilitates file system modifications (via TodoWrite) and downstream skill execution.
    4. Sanitization: The skill mitigates risks by instructing the agent to 'review critically' and raise concerns with the human partner before starting implementation, acting as a logical validation layer against malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 09:40 AM