writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a process for converting external requirements into implementation plans that contain shell commands and file-system operations. This creates a surface for indirect prompt injection where a malicious specification could influence the agent to include harmful tasks in the plan generated for the execution sub-skill.
  - Ingestion points: The skill ingests software specifications and requirements provided by the user (SKILL.md).
  - Boundary markers: No explicit delimiters or boundary markers are defined to isolate the untrusted input specification from the plan generation instructions.
  - Capability inventory: The skill generates output meant for the 'executing-plans' and 'subagent-driven-development' sub-skills, which are documented as having the capability to modify files and execute shell commands like 'pytest' and 'git'.
  - Sanitization: There is no evidence of sanitization or filtering of the input specification to prevent the inclusion of malicious commands or instruction overrides in the resulting plan document.