writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown-based prompt instructions and templates. There are no scripts, binaries, or automated configuration files included in the skill package.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design, as it takes external specifications and transforms them into actionable tasks.\n
- Ingestion points: User-provided specifications or project requirements used to generate the implementation plan (SKILL.md).\n
- Boundary markers: Absent; the instructions do not require the agent to use delimiters or specific warnings to ignore instructions embedded within the ingested specifications.\n
- Capability inventory: The skill itself has no execution capabilities, but it explicitly directs the agent to hand off tasks to sub-skills ('superpowers:executing-plans', 'superpowers:subagent-driven-development') which are intended for code execution and file system modification.\n
- Sanitization: Absent; there are no instructions for validating, escaping, or filtering the input specifications before processing.\n
- Remediation: To mitigate indirect injection risks, instructions should include a requirement to wrap input data in distinct delimiters and provide a system instruction to the agent to treat the data as passive text rather than executable commands.
Audit Metadata