writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill processes user-provided specifications to generate structured plans that include executable steps.
  - Ingestion points: User-provided specs or requirements (referenced in SKILL.md description).
  - Boundary markers: Absent; there are no delimiters used to separate user requirements from the instruction logic.
  - Capability inventory: File creation, file modification, and shell command execution (e.g., pytest, git) defined in the Task Structure section.
  - Sanitization: Absent; the requirements are used to populate the task templates directly.
- COMMAND_EXECUTION (LOW): Dynamic Execution / Script Generation. The skill defines templates for Python code and Bash commands (git, pytest) to be generated and executed by subsequent agents or developers. This is an intended feature but represents a risk if the input requirements are intentionally malicious.
Audit Metadata