writing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). [Ingestion points]: The skill processes external 'specs or requirements' as the primary input for plan generation. [Boundary markers]: There are no delimiters or 'ignore embedded instructions' warnings to prevent the agent from obeying instructions hidden within the specifications. [Capability inventory]: The skill generates Python code blocks and shell commands (e.g., git, pytest) which are explicitly intended for handoff to execution-capable sub-skills like superpowers:executing-plans. [Sanitization]: No input validation or sanitization is performed on the provided requirements.
- COMMAND_EXECUTION (HIGH): The skill mandates the generation of exact shell commands for file management and testing. When combined with untrusted inputs, this creates a high-risk attack surface where a malicious specification can lead to the generation of unauthorized commands that a downstream execution agent might run without further verification.
Recommendations
- AI detected serious security threats
Audit Metadata