writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): Identified a potential Indirect Prompt Injection surface (Category 8) where external specifications are processed into executable plans. \n- Ingestion points: The skill is designed to take external 'specs or requirements' as input to generate plan documents. \n- Boundary markers: The prompt template lacks explicit delimiters or instructions to ignore instructions embedded within the source requirements. \n- Capability inventory: The skill writes plan files to the local filesystem (docs/plans/) which contain shell commands (pytest, git) and python code blocks intended for subsequent execution. \n- Sanitization: No sanitization or validation of the input requirement content is performed before interpolation into the plan. \n- [No Code] (SAFE): The skill consists entirely of markdown-based instructions and metadata; it does not contain or execute any scripts, binaries, or direct system calls during its own operation.
Audit Metadata