writing-plans
Pass
Audited by Gen Agent Trust Hub on May 31, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill functions by ingesting design specifications and converting them into executable tasks, creating a surface for indirect prompt injection. A malicious design could influence the agent to generate plans with harmful code or commands.
- Ingestion points: External design or architecture documents provided by the user (SKILL.md).
- Boundary markers: None provided to isolate untrusted input from the plan generation logic.
- Capability inventory: The skill writes implementation plans to the filesystem (docs/plans/) and triggers subagents to perform code changes and shell operations (SKILL.md).
- Sanitization: No sanitization or validation of input designs is described before they are processed into task structures.
- [COMMAND_EXECUTION]: The skill's templates and best practices documentation include shell commands for testing, version control, and environment setup.
- Evidence: Task templates in references/plan-structure-templates.md utilize pytest, git, and bash commands.
- [EXTERNAL_DOWNLOADS]: Documentation within the skill provides examples for managing project dependencies using external package registries.
- Evidence: Examples in references/best-practices.md demonstrate the use of pip install for project requirements.