writing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's core function is to ingest untrusted data ("specs or requirements") and transform them into implementation plans intended for execution. This creates a high-risk surface where malicious instructions in the input can be converted into executable code or shell commands within the plan.
- Ingestion Point: External software specifications or requirements provided by the user.
- Boundary Markers: Absent. The skill does not define delimiters or provide instructions to the agent to ignore instructions embedded within the spec.
- Capability Inventory: The skill generates file-write operations, shell commands (pytest, git), and explicitly hands off to high-privilege skills like executing-plans and subagent-driven-development for implementation.
- Sanitization: None. The skill instructs the agent to include "Complete code in plan" and "Exact commands" directly derived from the task context.
- [Command Execution] (MEDIUM): The skill mandates the creation of exact shell commands and code blocks within the implementation plan. While the skill itself is a generator, its tight coupling with execution sub-skills creates a pathway for arbitrary command execution if the input is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata