writing-plans
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a platform script, setup-superpower-loop.sh. The execution string is dynamically constructed by incorporating a <resolved-design-path>, which is sourced from user-supplied $ARGUMENTS or discovered via file system search in docs/plans/. Constructing shell commands with external or unvalidated strings creates a risk of command injection if the input contains shell metacharacters.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It is instructed to read bdd-specs.md as the 'source of truth' and incorporate its content into generated task files.
  - Ingestion points: Reads bdd-specs.md during Initialization and Phase 1.
  - Boundary markers: Absent. The skill does not define clear delimiters or instruction-override protections for the ingested content.
  - Capability inventory: The skill can execute shell scripts (Superpower Loop), write files (task generation), perform git operations, and launch parallel sub-agents.
  - Sanitization: Absent. Instructions mandate reading the file completely and replicating its scenarios in detail without filtering or validation.
- [REMOTE_CODE_EXECUTION]: While no remote code is downloaded from the internet, the skill depends on an external executable script provided by the environment at ${CLAUDE_PLUGIN_ROOT}/scripts/setup-superpower-loop.sh. The safety of the skill relies on the integrity and security of this platform-level script.
Audit Metadata