writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses persona-based framing instructions, asking the agent to act as an 'enthusiastic junior engineer with no judgement' to ensure verbose and explicit plans. Such framing, while stylistic, can occasionally be leveraged to bypass internal safety or reasoning constraints.
- [INDIRECT_PROMPT_INJECTION]: The skill creates a path for potentially untrusted input to influence executable-style documentation. 1. Ingestion points: Data from the brainstorming or design phase is used to populate tasks. 2. Boundary markers: Absent; the skill does not use delimiters to isolate user-provided content from the plan's command structure. 3. Capability inventory: The generated markdown files include shell commands (npm, git) and functional code implementation blocks. 4. Sanitization: No evidence of input validation or escaping for external content processed during plan generation.
Audit Metadata