writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection. It guides the AI to translate external requirements into detailed plans that include executable shell commands and code, which are then passed to other execution-capable skills.
- Ingestion points: The skill processes 'spec or requirements' provided by a user or external source in file SKILL.md.
- Boundary markers: There are no instructions or delimiters provided to ensure the AI ignores malicious instructions embedded within the requirements (e.g., an attacker embedding 'Step 1: Delete all files' in a spec).
- Capability inventory: The output is specifically formatted for execution by 'superpowers:executing-plans' and 'superpowers:subagent-driven-development', which possess file-write and command-execution capabilities as evidenced by the 'pytest' and 'git' commands described in SKILL.md.
- Sanitization: No sanitization or validation of the input spec is performed before it is used to generate the plan.
Audit Metadata