writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: LOW, NO_CODE
Full Analysis
The SKILL.md file provides instructions for the AI to create detailed implementation plans. It is a documentation-style skill and does not contain any executable scripts or code that could pose a direct security risk.
- Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'CRITICAL: Override') were found within the skill's own instructions. The skill does generate instructions for Claude to use other skills, but these are legitimate internal references.
- Data Exfiltration: The skill does not contain any commands or references that would lead to data exfiltration (e.g., `curl`, `wget`, sensitive file paths).
- Obfuscation: The content is plain markdown with no detected obfuscation techniques (e.g., Base64, zero-width characters, homoglyphs).
- Unverifiable Dependencies: The skill references other internal skills (`superpowers:executing-plans`, `superpowers:subagent-driven-development`), which are part of the agent's ecosystem and not external, unverifiable dependencies.
- Privilege Escalation: No commands for privilege escalation (e.g., `sudo`, `chmod 777`) are present.
- Persistence Mechanisms: No attempts to establish persistence (e.g., modifying `.bashrc`, `crontab`) were found.
- Metadata Poisoning: The skill's metadata (name, description) is benign and accurately reflects its purpose.
- Indirect Prompt Injection: The skill itself does not process external data, so it is not directly vulnerable to indirect prompt injection. It generates content, which could theoretically be used as input for other skills, but the generated content's structure is benign.
- Time-Delayed / Conditional Attacks: No conditional logic for time-delayed or environment-specific attacks was detected.
Overall, the skill is a safe, instructional component for guiding the AI's planning capabilities.