writing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill transforms external 'spec or requirements' into actionable tasks. Evidence: The prompt instructions in SKILL.md lack boundary markers for the requirement input. Capability: The skill produces Python code blocks and shell commands for downstream execution via the referenced sub-skills. Sanitization: None present. This allows malicious requirements to inject harmful code into the generated plan.
- Command Execution (HIGH): The skill explicitly templates shell commands (
pytest,git) and Python functions. Evidence: The 'Task Structure' section of SKILL.md provides templates for writing files and running tests. It mandates the use ofsuperpowers:executing-plansorsuperpowers:subagent-driven-developmentto execute these generated commands, completing a code execution chain. - Prompt Injection (MEDIUM): The skill uses prescriptive directives ('REQUIRED SUB-SKILL', 'MUST start with this header') to override the agent's default behavior and force a hand-off to other tools. While currently used for workflow, this pattern increases the risk of the agent obeying malicious instructions embedded in the input requirements.
Recommendations
- AI detected serious security threats
Audit Metadata