writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an intermediary that processes untrusted data (user requirements) to produce executable plans, creating a surface for indirect prompt injection.
- Ingestion points: User requirements and specifications provided as input to the skill (processed in SKILL.md).
- Boundary markers: Absent; the skill does not define delimiters or specific instructions to the agent to disregard embedded instructions within user-provided specs.
- Capability inventory: The generated plans (defined in SKILL.md) contain Python code snippets and shell commands for `pytest` and `git commit` intended for execution.
- Sanitization: Absent; the skill does not specify any validation, escaping, or sanitization logic for content interpolated from user specs into the generated plan files.
- [COMMAND_EXECUTION]: The skill templates and encourages the preparation of shell commands (e.g., `pytest`, `git add`, `git commit`) for execution. While the skill itself does not invoke a shell, it is designed to facilitate command execution through its multi-agent workflow.
Audit Metadata