writing-plans
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability due to ingestion of untrusted content from GitHub issues and PRDs.\n
- Ingestion points: The skill reads specifications from the
work/PRD GitHub issuebody and its associatedcomments.\n - Boundary markers: No specific delimiters or instructions are used to distinguish between requirements and potentially malicious instructions within the input data.\n
- Capability inventory: The skill generates executable
bashcommands and code snippets, and utilizes thegh issue commentcommand to output data.\n - Sanitization: The instructions lack guidance on sanitizing or validating external input before incorporating it into the generated plan.\n- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI tool to manage issue comments.\n
- Evidence: The
Storing the Plansection inSKILL.mdexplicitly instructs the use ofgh issue comment <N> --body-file -to post plan content.
Audit Metadata