writing-setup
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard shell commands (mkdir, echo) to create project directories and configure the .gitignore file, which is appropriate for its initialization purpose.
- [REMOTE_CODE_EXECUTION]: It defines a validation hook that executes a local Python script (writing-precis-guard.py) from the plugin's internal directory to ensure artifact quality.
- [PROMPT_INJECTION]: The skill exhibits a surface area for indirect prompt injection by reading session state from .planning/HANDOFF.md and accepting user-provided answers for the writing templates.
  - Ingestion points: Content is read from .planning/HANDOFF.md and from AskUserQuestion tool responses.
  - Boundary markers: Absent; the skill reads and displays handoff content directly without applying delimiters or instructions to ignore embedded commands.
  - Capability inventory: File system operations (read/write), shell command execution, and local script execution via hooks.
  - Sanitization: Absent; the skill does not sanitize or escape external data before it is processed or written to files.
Audit Metadata