writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user specifications to generate implementation plans. There is a potential for indirect prompt injection if an attacker-controlled requirement document contains malicious instructions that are then translated into the generated plan.
- Ingestion points: Processes 'specs or requirements' provided by the user.
- Boundary markers: No specific delimiters or safety warnings are used when interpolating user requirements into the plan structure.
- Capability inventory: The skill proposes file creation, code generation, and shell command execution (git, pytest).
- Sanitization: No visible sanitization or validation of input requirements.
- [Command Execution] (LOW): The skill explicitly templates shell commands such as
pytestandgit commit. While these are standard development tools, the skill's primary function is to generate instructions that will be executed by other agents or the user.
Audit Metadata