writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection (Category 8). It processes untrusted user requirements to generate structured implementation plans that include shell commands and code snippets intended for execution by subsequent agents or tools. \n
- Ingestion points: Requirements or specifications provided as input to the skill. \n
- Boundary markers: Absent. There are no explicit delimiters or instructions within the skill to isolate or mark external input as untrusted. \n
- Capability inventory: File system write operations for saving plan documents and the generation of shell commands (e.g., pytest and git) for execution by downstream components. \n
- Sanitization: Absent. User input is interpolated directly into the markdown plan without validation or escaping techniques.
Audit Metadata