writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill acts as a transformer for external specifications into executable task plans, creating a risk surface for indirect instructions.
  - Ingestion points: Ingests external 'spec or requirements' (referenced in the description) to generate markdown plan files.
  - Boundary markers: Absent; the templates do not use delimiters to wrap or isolate external requirement text from the task logic.
  - Capability inventory: The resulting plans orchestrate file creation, modification, and shell command execution (e.g., pytest, git) through linked sub-skills.
  - Sanitization: No sanitization, escaping, or validation is performed on the input requirements before they are used to populate the implementation steps.
Audit Metadata