writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes templates for generating shell commands like `git commit` and `pytest`. These are standard tools used for software versioning and testing and are used as intended within the development workflow.
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection because it processes user-provided requirements and transforms them into implementation plans that the agent is then instructed to follow using sub-skills. This risk is inherent to the function of a task-planning agent.
  - Ingestion points: User-provided feature specifications and requirements (as described in the Overview).
  - Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from obeying instructions embedded within the user's requirements.
  - Capability inventory: The skill directs the agent to modify the file system, execute development commands, and invoke other autonomous sub-skills like `superpowers:executing-plans`.
  - Sanitization: No sanitization or validation of the input specifications is performed before integration into the plan document.
Audit Metadata