writing-plans
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted specs or requirements and transforms them into actionable plans containing code and commands.
  - Ingestion points: External specifications or requirement documents provided as input.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the source data.
  - Capability inventory: Writing files to docs/plans/, generating Python code, and generating shell commands (git, pytest).
  - Sanitization: None. Malicious requirements could lead to the generation of plans that include backdoors or destructive commands.
- [Dynamic Execution] (MEDIUM): The skill dynamically generates source code and shell scripts based on requirements. While it doesn't execute these directly, it prepares them for execution by other agents or sub-skills, creating a pathway for the execution of untrusted content.
Audit Metadata