writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user requirements to generate executable tasks for agents.
- [PROMPT_INJECTION]: Ingestion points: The skill ingests user-provided 'specs or requirements' from the agent context to generate implementation plans saved in the 'docs/plans/' directory.
- [PROMPT_INJECTION]: Boundary markers: The skill does not define specific delimiters or instructional barriers to prevent the AI from obeying malicious commands or instructions that may be embedded within the source requirements.
- [PROMPT_INJECTION]: Capability inventory: The skill generates 'exact commands' (such as git and pytest) and triggers automated execution workflows using referenced sub-skills like 'superpowers:subagent-driven-development' and 'superpowers:executing-plans'.
- [PROMPT_INJECTION]: Sanitization: There is no validation or sanitization logic to filter or escape the content of the user requirements before they are incorporated into the plan document or used to guide sub-agent actions.
Audit Metadata