writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill defines a workflow for converting user-provided specifications into implementation plans containing code and shell commands, creating a potential vector for malicious instructions to influence the agent.
- Ingestion points: The skill ingests untrusted 'specs or requirements' from the user as the primary input for generating plans.
- Boundary markers: The skill lacks explicit markers or 'ignore' instructions to isolate user-provided text from the generated command logic.
- Capability inventory: The generated output includes Python code and shell commands (e.g., git commit, pytest) intended for execution by the 'superpowers:executing-plans' and 'superpowers:subagent-driven-development' skills.
- Sanitization: There is no evidence of sanitization or validation of user-provided specifications before they are interpolated into the generated plan document.
Audit Metadata