writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted project specifications to generate implementation plans, which creates a potential surface for indirect prompt injection where malicious instructions in the input could influence the generated output.
- Ingestion points: Technical requirements and specifications documents are the primary input for the planning process.
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands or instructions within the ingested specifications.
- Capability inventory: The skill is designed to generate plans that include file system modifications and shell command execution (e.g., git, pytest).
- Sanitization: No sanitization or validation logic is specified for the input data before it is incorporated into the planning process.
- [COMMAND_EXECUTION]: The skill instructs the agent to generate and potentially execute implementation plans containing shell commands for testing (pytest) and version control (git). While standard for development, these commands are derived from the generated plan, which is influenced by external input.
Audit Metadata