writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill functions by transforming external 'spec or requirements' into executable development plans, creating an inherent surface for indirect prompt injection.\n
- Ingestion points: User-provided specifications or requirements (SKILL.md).\n
- Boundary markers: The skill does not provide instructions to use delimiters or ignore instructions embedded within the source requirements.\n
- Capability inventory: The resulting plans include file writes, local shell command execution (git, pytest), and the use of sub-skills (loom:executing-plans, loom:subagent-driven-development).\n
- Sanitization: No input validation or sanitization routines are defined to filter malicious instructions in the task source.\n- [COMMAND_EXECUTION]: The skill instructs the agent to generate and run local shell commands for version control and testing (git and pytest) as part of the plan execution template.
Audit Metadata