writing-plans

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-provided specifications to generate implementation plans, creating a surface for indirect prompt injection.
      • Ingestion points: Ingests untrusted task specifications and requirements from the user via the writing-plans skill body.
      • Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands within the input specifications.
      • Capability inventory: Writes documentation files to the local file system (docs/plans/) and invokes sub-skills with execution capabilities such as 'executing-plans' and 'subagent-driven-development'.
      • Sanitization: No validation or sanitization of input requirements is performed before they are incorporated into the plan template.
  • [COMMAND_EXECUTION]: The skill generates implementation plans containing terminal commands (e.g., git, pytest) and source code snippets. While it does not execute these directly, it prepares them for automated or semi-automated execution by other sub-skills, providing a pathway for untrusted input to influence system commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 10:13 PM