writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill includes documentation for cleaning up its ephemeral plan directories using
rm -rfwithin the.claude/plans/directory. This is standard cleanup logic for its primary purpose. - [PROMPT_INJECTION] (LOW): The skill acts as an ingestion surface for Indirect Prompt Injection because it processes user-provided specifications to generate task briefings that contain shell commands (Category 8).
- Ingestion points: The skill takes a 'spec or requirements' as input in
SKILL.mdto generate plans. - Boundary markers: Absent; the skill does not explicitly delimit the user input within its internal templates to prevent instructions from escaping the requirement context.
- Capability inventory: The resulting briefings contain shell commands (
npm test,git commit,npm run lint) and file modification instructions intended for execution by subagents. - Sanitization: Absent; the skill relies on the coordinator's reasoning to interpret the spec correctly.
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and templates. No executable scripts (.py, .js, .sh) are included in the skill package itself.
Audit Metadata