writing-plans
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill specifies templates for generating and executing local shell commands for testing (e.g., pytest, npm test, go test) and version control (e.g., git add, git commit). These commands are necessary for the implementation and verification steps described in the generated plans.
- [PROMPT_INJECTION]: The skill operates on external, potentially untrusted design documents, which creates a surface for indirect prompt injection. Malicious content within a design document could theoretically be used to influence the agent's task generation or command output.
  - Ingestion points: Reads specification documents from the docs/specs/ directory as described in SKILL.md.
  - Boundary markers: Uses structured Markdown headers and task-specific blocks (e.g., Tasks, Steps) to organize content, but lacks explicit warnings to ignore instructions found within the input design files.
  - Capability inventory: The skill generates file-write operations, shell commands for local execution, and can dispatch subagents for review tasks as outlined in references/plan-document-reviewer-prompt.md.
  - Sanitization: No validation or sanitization is performed on the content of the input design specifications before they are processed to create the implementation plan.
Audit Metadata