writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- SAFE (SAFE): No malicious patterns, hidden code, or unauthorized network operations were detected. The skill follows standard development workflows including git worktree management and TDD.\n- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted specifications and translates them into actionable tasks.\n
- Ingestion points: User-provided specifications or requirements mentioned in the YAML frontmatter.\n
- Boundary markers: None; the skill does not provide delimiters or instructions to ignore embedded commands in the source requirements.\n
- Capability inventory: Writing to
docs/plans/, git command generation, and delegation to thesuperpowers:executing-planssub-skill.\n - Sanitization: None; external specs are interpolated directly into the generated implementation plan.\n- COMMAND_EXECUTION (LOW): The skill generates shell commands (git, pytest) for execution by the user or a sub-agent. This is the primary purpose of the skill and follows a known template, minimizing risk.
Audit Metadata