writing-plans

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection (Category 8) by processing external, potentially untrusted specification documents to generate executable content.
      • Ingestion points: The skill is triggered by and processes external "spec" or "requirements" files provided by the user or found in the workspace.
      • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying malicious instructions embedded within the source requirements document.
      • Capability inventory: The generated plans include Python code snippets and shell commands (e.g., git, pytest, pip). The skill also instructs the agent to write these plans to the filesystem at docs/superpowers/plans/.
      • Sanitization: The skill lacks validation or sanitization logic to ensure that instructions from the input spec do not manipulate the generated plan's output, such as including malicious commands in the "Step" blocks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 04:21 PM