writing-plans
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data (specifications or requirements) and uses it to generate structured implementation plans. These plans include executable shell commands and code snippets intended for downstream processing by other agents.
- Ingestion points: User-provided specifications or requirements (untrusted data) enter the agent context in
SKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate embedded instructions within the input spec.
- Capability inventory: The generated plans contain file system operations (
git add,git commit) and test executions (pytest). The skill specifically instructs the agent to trigger downstream capabilities likesuperpowers:subagent-driven-developmentorsuperpowers:executing-plansto act on these plans. - Sanitization: No sanitization, validation, or escaping of the external content is performed before it is interpolated into the generated plan document.
Audit Metadata