writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it transforms untrusted user inputs into actionable plans.\n
- Ingestion points: Processes external user-provided specifications to generate implementation plans.\n
- Boundary markers: Lacks delimiters to separate the skill's instructions from the untrusted requirement data.\n
- Capability inventory: Directs the agent to perform file-system writes (
docs/plans/) and references high-capability tools likeltk:executing-plansfor code execution.\n - Sanitization: No input validation or sanitization is performed on the user-provided specs before plan generation.
Audit Metadata