writing-plans

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, unauthorized command execution, or data exfiltration attempts were detected. The skill follows professional software development practices such as TDD and structured task decomposition.
  • [COMMAND_EXECUTION]: The skill generates implementation plans that include shell commands (e.g., pytest, git commit) as part of the documentation for human or subagent execution. It does not execute these commands directly but provides them as templates within the generated .md files.
  • [PROMPT_INJECTION]: The instructions utilize forceful control flow directives (e.g., "HARD-GATE", "CRITICAL CONSTRAINTS", "MUST NOT") to ensure the agent adheres to specific platform state management (avoiding EnterPlanMode). These constraints are functional for the workflow and do not attempt to bypass safety filters or reveal system prompts.
  • [DATA_EXFILTRATION]: All file operations are restricted to the local workspace, specifically for saving plans and task tracking files in docs/superpowers/plans/. No network requests or external data transfers were found.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill ingests user-provided specifications to generate plans.
      • Ingestion points: Specifications and requirements provided by the user in the prompt.
      • Boundary markers: Absent for plan generation; instructional constraints are present for the reviewer subagent template.
      • Capability inventory: Task management (TaskCreate, TaskUpdate), file writing, and interaction tools (AskUserQuestion) in SKILL.md.
      • Sanitization: No explicit sanitization of input data before interpolation into the generated plan document.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 11:48 PM