planning-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill creates a surface where malicious instructions provided in a feature request could be incorporated into the generated implementation plans.
  - Ingestion points: The skill ingests user-provided feature names, goals, and architectural details to populate the implementation plan template.
  - Boundary markers: There are no explicit delimiters or warnings to the agent to ignore instructions embedded within the user-provided feature descriptions.
  - Capability inventory: The skill is designed to work in conjunction with other capabilities like superpowers:executing-plans and superpowers:subagent-driven-development, which involve shell command execution (pytest, git) and file modifications.
  - Sanitization: The skill does not implement any escaping or validation of the input before interpolating it into the plan document.
- [Prompt Injection] (LOW): The skill uses authoritative language ("REQUIRED SUB-SKILL", "Every plan MUST start with") to direct agent behavior and tool usage. While these are structural instructions for the skill's purpose, they reflect a pattern of controlling agent flow through the prompt context.
Audit Metadata