plan-writer
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The metadata identifies the author as 'Claude Code Assistant', which is a deceptive claim of identity intended to mask the true origin of the skill.
- [PROMPT_INJECTION]: The skill includes instructions to bypass the Task tool in favor of direct Bash execution, which overrides standard agent orchestration logic and can bypass oversight mechanisms.
- [COMMAND_EXECUTION]: Employs standard local shell commands such as 'wc', 'ls', 'du', and 'grep' for file management tasks and integrity verification.
- [PROMPT_INJECTION]: Detected Indirect Prompt Injection surface. Ingestion points: plan content processed for writing (SKILL.md). Boundary markers: Absent. Capability inventory: Bash, Write, and Edit tools listed in SKILL.md. Sanitization: Absent.