writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted user specifications.
- Ingestion points: User-provided requirements or specs are ingested to generate the implementation plan (SKILL.md).
- Boundary markers: The skill relies on standard Markdown structure but lacks explicit delimiters or instructions to ignore commands within the ingested data.
- Capability inventory: The skill uses tools like
warcraft_plan_writeand generates plans containing executable shell commands (pytest,git,curl) and code snippets. - Sanitization: There is no evidence of input validation or sanitization for the content of the specifications.
Audit Metadata