writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: The skill processes external specifications or requirements to generate implementation plans as described in the Overview.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used to separate untrusted input from the agent's instructions.
  - Capability inventory: The generated plans involve file system operations (creating and modifying files) and shell command execution (e.g., pytest, git).
  - Sanitization: There is no logic for sanitizing or escaping the input specifications before they are translated into code or shell commands within the plan.
- [COMMAND_EXECUTION]: The skill guides the agent to generate and potentially execute shell commands. While the provided examples (pytest, git) are standard development tools, the template allows for any command to be included in the implementation plan, which is then passed to execution sub-skills.
Audit Metadata