writing-plans
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (MEDIUM): The skill uses meta-directives such as 'REQUIRED SUB-SKILL' to instruct the AI to use specific execution tools. If the design input provided to the skill is sourced from untrusted data, an attacker could inject similar instructions to hijack the downstream agent workflow.
- Command Execution (LOW): The skill generates shell commands including 'pytest' and 'git' based on external context. In the absence of strict boundary markers or sanitization, malicious inputs could lead to command injection within the generated implementation plan, which is intended for direct execution by other components.
Audit Metadata