writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill is composed entirely of markdown-based instructions and templates and does not contain any executable scripts or binary files.
- [PROMPT_INJECTION]: The skill functions as an ingestion surface for untrusted data (specifications) and transforms them into plans containing shell commands. (1) Ingestion points: Processes external 'spec or requirements' as input. (2) Boundary markers: No explicit delimiters or instructions are used to isolate the input data. (3) Capability inventory: The resulting plans propose file system operations and shell commands (e.g., git, pytest) to be handled by subsequent sub-skills. (4) Sanitization: No input validation or filtering of the requirements is present.
- [SAFE]: No other security concerns such as data exfiltration, credential exposure, or persistence mechanisms were identified.
Audit Metadata