validate-plan
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE (flags: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it loads implementation plans from external files without any security boundary. A malicious implementation plan could contain instructions designed to manipulate the agent's behavior during the validation or codebase analysis phases.
  - Ingestion points: The skill loads plan files in SKILL.md (Step 1: Plan Discovery) based on user input.
  - Boundary markers: The skill lacks delimiters (such as XML tags or triple backticks) around the plan content and gives the agent no explicit instruction to ignore commands embedded in it.
  - Capability inventory: The skill can read files, execute shell commands (grep, find, ls), and write or modify plan files (Step 8: Interactive Improvement).
  - Sanitization: No evidence of input validation, escaping, or sanitization of the loaded plan content is present.
- [COMMAND_EXECUTION]: The skill uses several shell commands to perform codebase-aware validation, including grep, find, ls, git log, and head. While these are essential for detecting DRY and YAGNI violations, they grant the agent broad read access to the project's source code and repository metadata.
Audit Metadata