writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the task specifications it processes. It lacks boundary markers or instructions to ignore embedded commands within the input 'spec or requirements'. If an attacker-controlled specification includes malicious steps, the skill will incorporate them into the generated implementation plan.
- [COMMAND_EXECUTION]: The skill templates the generation of shell commands (e.g., pytest, git commit) and Python code snippets. While these are part of a standard development workflow, the content of these commands is derived directly from the input specifications, creating a path for malicious command execution if the plan is followed by an agent or user without oversight.
- Ingestion points: Processes external 'spec or requirements' (SKILL.md).
- Boundary markers: None present to delimit untrusted input or warn against embedded instructions.
- Capability inventory: Generates shell commands and executable Python code for implementation and testing.
- Sanitization: No evidence of input validation, escaping, or filtering of the input specifications.
Audit Metadata