writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest external data (specifications/requirements) and transform them into actionable implementation plans involving file writes and shell commands.
  - Ingestion points: The skill explicitly triggers when provided with a "spec or requirements for a multi-step task."
  - Boundary markers: The instructions do not define delimiters or warnings to ignore malicious instructions embedded within the input specifications.
  - Capability inventory: The resulting plans include file creation, line-specific file modification, and shell command execution (e.g., `pytest`, `git commit`).
  - Sanitization: No sanitization or validation of the input spec is mentioned before it is interpolated into the generated code and commands.
- [Command Execution] (SAFE): While the skill templates include shell commands like `pytest` and `git`, these are standard development practices and are consistent with the skill's primary purpose for engineering tasks.
- [Data Exposure] (SAFE): The skill only specifies saving plans to `docs/plans/` within the local project worktree. No sensitive system paths or network exfiltration patterns were detected.
Audit Metadata