plan-writing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions define a process that is susceptible to indirect prompt injection.
- Ingestion points: Filenames and plan content are dynamically generated based on user-provided task descriptions (e.g., the {task-slug} variable).
- Boundary markers: There are no instructions for the agent to use delimiters or ignore potentially malicious instructions within the user-provided data.
- Capability inventory: The skill directs the agent to save files to the project root, implying a requirement for file-writing capabilities that could be exploited.
- Sanitization: The skill does not provide any guidelines for sanitizing the task slug or validating the resulting file path.
- [NO_CODE]: The skill is composed solely of markdown instructions and metadata; it does not include any scripts, binaries, or other executable files.
Audit Metadata