signadot-plan
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data from the Signadot catalog could influence agent behavior.\n
- Ingestion points: The agent retrieves potentially untrusted metadata (names, descriptions, and code bodies) from the Signadot platform via
signadot plan action listandsignadot plan action get(SKILL.md).\n - Boundary markers: There are no instructions or patterns provided to the agent to treat this external data as untrusted or to wrap it in delimiters to prevent the obedience of embedded instructions.\n
- Capability inventory: The agent possesses the capability to create and run plans (
signadot plan create,signadot plan run), which allows it to execute logic in the target cluster environment based on its interpretation of the action catalog (SKILL.md).\n - Sanitization: No sanitization, validation, or escaping of the retrieved action data is specified before the agent uses it to compose or iterate on plan specifications.
Audit Metadata