writing-plans
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts stored within the plugin environment (
${CLAUDE_PLUGIN_ROOT}/scripts/), specificallyinit-writing-dir.shfor project initialization andarchive-search.shfor retrieving historical context. - [COMMAND_EXECUTION]: Standard Git commands such as
git addandgit commitare integrated into the task templates to ensure incremental progress is saved for each section and artifact generated. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes user-provided data from
.writing/outline.mdand.writing/metadata.yamlto populate task descriptions in the generated plan. - Ingestion points:
.writing/outline.md,.writing/metadata.yaml, andclaims/section_*.mdfiles. - Boundary markers: None present for input file interpolation.
- Capability inventory: Execution of shell scripts, file system write operations, and delegation to subsequent drafting and reviewing skills.
- Sanitization: None performed on the content of the outline or claims before inclusion in the plan.
- [EXTERNAL_DOWNLOADS]: References to external research data are managed through the Zotero-MCP server, which is an established service for bibliographic management.
Audit Metadata