executing-plans

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the loading and execution of tasks from an external plan file, which introduces a surface for indirect prompt injection attacks if the file's content is attacker-controlled.\n
  • Ingestion points: The workflow begins by reading an external plan file into the session context (Step 1.1 in SKILL.md).\n
  • Boundary markers: The skill does not define security boundaries or instructions to treat the plan content as untrusted data, lacking delimiters or warnings against instruction overrides.\n
  • Capability inventory: The agent is empowered to execute code, run validation tests, and perform Git operations based on the plan's instructions.\n
  • Sanitization: No sanitization or validation of the plan file's contents is performed before the agent begins executing the described tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:11 AM
Security Audit — agent-trust-hub — executing-plans