fleet-plan
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an architectural pattern for processing untrusted data to generate instructions for worker agents, which represents an indirect prompt injection surface.
- Ingestion points: The skill ingests the user's task description via '$ARGUMENTS' and reads content from 'FLEET-INDEX.md' and dynamically discovered fleet 'SKILL.md' files.
- Boundary markers: There are no explicit instructions to use delimiters or 'ignore embedded instructions' markers when interpolating discovered data into generated 'prompt.md' files.
- Capability inventory: The skill possesses 'Write' and 'Edit' capabilities to create configuration and prompt files, and uses restricted 'Bash' commands ('ls' and 'mkdir').
- Sanitization: No explicit sanitization or validation of external content is performed before it is used to construct instructions for downstream agents.
- [COMMAND_EXECUTION]: The skill directs the agent to provide the user with shell commands for orchestrating the fleet.
- Evidence: The instructions specify that the agent should output command strings like 'bash /scripts/launch.sh' for the user to execute manually to start the planned fleet.
Audit Metadata