writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data in the form of project specifications and requirements, creating an attack surface where malicious instructions could be embedded.
- Ingestion points: The AI processes a 'spec or requirements' (referenced in the metadata and overview) to generate the plan.
- Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings to ignore instructions embedded within the user-provided specification.
- Capability inventory: The skill instructs the AI to generate shell commands (
git commit,pytest) and write code to specific file paths. It also references and triggers the use of other high-capability skills likesuperpowers:executing-plansandsuperpowers:subagent-driven-development. - Sanitization: Absent. There are no instructions for the AI to sanitize, escape, or validate the content of the input specification before incorporating it into the actionable plan.
- Command Execution (SAFE): While the skill templates include shell commands (
git,pytest), these are standard development practices for the intended context (TDD, version control) and are presented as examples for the agent to follow rather than direct execution by the skill itself.
Audit Metadata