writing-plans
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection because it transforms untrusted input (design requirements) into structured, executable plans.
- Ingestion points: Processes 'design' or 'brainstorming' output to generate the implementation plan.
- Boundary markers: Absent. The skill does not use delimiters or instructions to prevent the agent from obeying instructions embedded within the source design.
- Capability inventory: The generated plans contain exact file paths, code blocks, and shell commands (`pytest`, `git`). The skill explicitly mandates the use of `superpowers:executing-plans` and `superpowers:subagent-driven-development` for implementation.
- Sanitization: None. The skill interpolates requirements directly into executable code and command structures.
- [COMMAND_EXECUTION] (MEDIUM): The skill routinely generates shell commands for testing and version control. While intended for legitimate development, these commands are presented in a format designed for automated execution by other agents, increasing the impact of any injected malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata