feature-planning
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill contains an indirect prompt injection surface (Category 8) because it reads external project files and interpolates their content into prompts for downstream skills without boundary markers or sanitization.\n
- Ingestion points: Reads
CLAUDE.md(Step 1) and allZ01research files (Step 3) found in the repository.\n - Boundary markers: Absent. The content extracted from these files is directly embedded into the prompt for the
superpowers:writing-plansskill using simple string interpolation.\n - Capability inventory: The skill has permissions to read arbitrary project files, invoke the
superpowers:writing-plansskill, and write implementation plans and clarification files to the filesystem.\n - Sanitization: No sanitization, escaping, or validation of the ingested file content is performed before passing it to the planning agent.
Audit Metadata