writing-plans

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill implements a Memory Protocol that reads from .claude/context/memory/learnings.md, creating a surface for indirect prompt injection if those files contain untrusted content. Evidence:
      • Ingestion points: .claude/context/memory/learnings.md is read before starting.
      • Boundary markers: Absent.
      • Capability inventory: Use of Read and Write tools, plus generation of plans containing shell commands for pytest and git.
      • Sanitization: No validation or sanitization of memory content is performed.
  • Dynamic Execution (LOW): The skill generates implementation plans that include executable code and shell commands (e.g., pytest, git). While the skill itself does not execute these, it directs the agent to hand off the generated content to other execution skills.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:49 PM