skills/rakaadi/agent-kit/writing-plan/Gen Agent Trust Hub

writing-plan

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external, untrusted specification documents to generate implementation plans. This creates an attack surface for indirect prompt injection, where a malicious specification could influence the agent to generate harmful code or commands.
      • Ingestion points: Ingests project 'specs' and 'requirements' at runtime.
      • Boundary markers: The instructions lack delimiters or specific warnings to ignore instructions embedded within the provided specifications.
      • Capability inventory: The skill produces plans that involve creating/modifying files and executing shell commands (e.g., bunx eslint).
      • Sanitization: There is no defined process for validating or sanitizing the input specification before it is used to generate the plan.
  • [COMMAND_EXECUTION]: The skill includes instructions to generate tasks that execute shell commands. Examples in the documentation include bunx eslint, but the instructions allow for any 'verification or lint command', which could be abused if the input specification is malicious.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 03:20 AM