writing-plans

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts stored within the plugin environment (${CLAUDE_PLUGIN_ROOT}/scripts/), specifically init-writing-dir.sh for project initialization and archive-search.sh for retrieving historical context.
  • [COMMAND_EXECUTION]: Standard Git commands such as git add and git commit are integrated into the task templates to ensure incremental progress is saved for each section and artifact generated.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes user-provided data from .writing/outline.md and .writing/metadata.yaml to populate task descriptions in the generated plan.
  • Ingestion points: .writing/outline.md, .writing/metadata.yaml, and claims/section_*.md files.
  • Boundary markers: None present for input file interpolation.
  • Capability inventory: Execution of shell scripts, file system write operations, and delegation to subsequent drafting and reviewing skills.
  • Sanitization: None performed on the content of the outline or claims before inclusion in the plan.
  • [EXTERNAL_DOWNLOADS]: References to external research data are managed through the Zotero-MCP server, which is an established service for bibliographic management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — writing-plans