writing-plans

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes external specifications to generate implementation plans, which creates a potential vector for instructions in the input data to influence the generated code or commands.
      • Ingestion points: Processes user-provided "spec or requirements" for tasks.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded instructions within the source specs.
      • Capability inventory: The resulting plans include shell commands (pytest, git commit) and Python code blocks that are intended for execution by the agent or subsequent sub-skills.
      • Sanitization: The skill does not implement sanitization or validation logic for the input specs.
  • [Command Execution] (LOW): The skill explicitly templates the generation of shell commands (pytest and git). While these are standard development tools, they represent the capability to execute arbitrary logic if the generated plan is modified by malicious input.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 03:55 PM