review-plan
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted plan content from external files or user input and interpolates it into a prompt for consultant agents. This creates a surface for indirect prompt injection where a malicious plan could contain instructions to subvert the review process.
  - Ingestion points: Plan files located via shell commands or provided in conversation context.
  - Boundary markers: The consultant prompt uses XML-style tags like <plan_content> to delimit untrusted data.
  - Capability inventory: The skill can read local files, search the filesystem, and invoke other agent tasks via the Task tool.
  - Sanitization: The skill relies on natural language instructions to the consultants to ignore embedded instructions, but does not implement programmatic escaping or filtering of the input data.
Audit Metadata