writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs strong negative constraints and behavioral markers (e.g., 'MUST NOT', 'FORBIDDEN', 'STOP', 'HARD-GATE') to prevent the agent from calling specific built-in state management tools (
EnterPlanMode,ExitPlanMode). These instructions are operational constraints designed to maintain a custom workflow rather than attempts to bypass security or ethical filters. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process user-provided specifications or requirements to generate implementation plans.
- Ingestion points: User-provided specs or requirements mentioned in the description and 'REQUIRED FIRST STEP'.
- Boundary markers: Uses Markdown headers (e.g., '# [Feature Name] Implementation Plan') and YAML blocks to structure output.
- Capability inventory: The skill has the ability to read, create, and update tasks (
TaskList,TaskCreate,TaskUpdate), write files to the local filesystem (docs/plans/), and initiate user prompts (AskUserQuestion). - Sanitization: There are no explicit sanitization or validation steps for the input specifications before they are interpolated into the plan document.
- [COMMAND_EXECUTION]: The skill generates implementation plans that include terminal commands (e.g.,
pytest,git commit,git add) and code blocks. While the skill itself does not execute these commands, it prepares them for subsequent execution by the agent or user, creating a path for commands derived from potentially untrusted specifications to be run. - [EXTERNAL_DOWNLOADS]: The skill references external sub-skills (
superpowers-extended-cc:executing-plans,superpowers-extended-cc:subagent-driven-development) for the execution phase. These references appear to be part of a larger toolkit designed by the author and do not involve immediate remote code downloads during the planning phase.
Audit Metadata