writing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill identifies 'completed design' as its primary input source, creating a high-risk surface for processing untrusted data.
- Ingestion points: Processes external design documents to generate implementation tasks in SKILL.md.
- Boundary markers: Absent. There are no instructions to ignore or isolate embedded instructions within the ingested design content.
- Capability inventory: File writing (saves to docs/plans/), shell command generation (pytest, git), and sub-agent delegation via superpowers:executing-plans and superpowers:subagent-driven-development.
- Sanitization: Absent. The skill directly interpolates external requirements into executable code blocks and bash commands.
- Dynamic Execution (HIGH): The skill generates script fragments and shell commands intended for immediate execution. It explicitly commands the agent to 'Use superpowers:executing-plans to implement this plan task-by-task', closing the loop between untrusted input and code execution.
- Command Execution (MEDIUM): The skill frequently generates git and pytest commands, which can be manipulated if the plan generation phase is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata