writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms external specifications into structured plans containing executable commands.
- Ingestion points: Requirements or specifications provided by the user to be processed by the writing-plans skill.
- Boundary markers: The skill does not define explicit markers or instructions to treat input specs as untrusted or to isolate them from the plan generation logic.
- Capability inventory: The generated plans include
pytestcommands,gitoperations, and Python code snippets meant for execution by sub-skills likesuperpowers:executing-plans. - Sanitization: No sanitization or validation logic is defined to prevent malicious commands from being included in the implementation plan if the source specification is compromised.
Audit Metadata