writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest untrusted data (user-provided specifications or requirements) and transform it into a structured plan containing executable content.
- Ingestion points: Processes user-provided 'spec or requirements' for multi-step tasks (defined in the
description). - Boundary markers: Absent. The instructions do not define clear delimiters or include warnings for the agent to ignore instructions embedded within the user's input.
- Capability inventory: The skill instructs the agent to write files to the local file system (
docs/plans/) and generates plans that include shell commands (git commit,pytest) and Python code intended for execution by other agents or skills. - Sanitization: Absent. There are no instructions to sanitize, validate, or escape content from the user's specification before interpolating it into the final plan document.
Audit Metadata