writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted external data (project specifications or requirements) to generate implementation plans and code snippets.
  - Ingestion points: Reads external spec documents (identified as [SPEC_FILE_PATH] in the reviewer prompt) to define task steps and code logic.
  - Boundary markers: The instructions lack explicit delimiters or instructions for the agent to ignore potentially malicious commands embedded within the input specifications.
  - Capability inventory: The skill has the capability to generate shell commands (e.g., git add/commit, pytest) and write files to the local directory (e.g., docs/superpowers/plans/ and src/ paths), which are subsequently executed or implemented by other tools or agents.
  - Sanitization: There is no evidence of sanitization or validation of the input specification content before it is interpolated into the generated plan document.
Audit Metadata