plan-writing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by directing the agent to write untrusted user content (task goals and names) into the project root as markdown files.
- Ingestion points: User-provided task names and goals are used to generate file names and content in SKILL.md.
- Boundary markers: The provided structure for plan files does not use delimiters or instructions to ignore embedded instructions in the generated output.
- Capability inventory: The skill utilizes 'Read', 'Glob', and 'Grep' tools, and implies the use of a file-writing capability to persist the plans.
- Sanitization: No sanitization or validation of the user-provided strings is mandated before the file is written.
- [NO_CODE]: This skill is entirely instructional and documentation-based; it does not include any scripts, binaries, or logic that executes on the host system.
Audit Metadata