Skills
skills/fradser/dotclaude/writing-plans/Gen Agent Trust Hub

writing-plans

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and propagates content from potentially untrusted bdd-specs.md files into newly created task files without sanitization.
  • Ingestion points: Content is ingested from bdd-specs.md located within the design folder (as seen in Phase 1 and Phase 2 of SKILL.md).
  • Boundary markers: Tasks are structured using Gherkin blocks (Given/When/Then), but the text within those blocks is not validated for malicious instructions before being written to task files.
  • Capability inventory: The skill performs file system write operations (creating task markdown files), executes git commands (SKILL.md), and invokes the superpowers:executing-plans skill tool.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the input scenario text before it is used to generate the output task files.
  • [COMMAND_EXECUTION]: The skill mandates the use of Git commands for managing the implementation plan documentation.
  • Evidence: SKILL.md includes a mandatory "Git Commit" section requiring the execution of git add and git commit for the generated plan folder.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 02:53 AM