writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a vendor-provided initialization script (
init-planning-dir.sh) located in the plugin root to set up the workspace. This is a legitimate functional requirement for establishing the planning environment.- [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface through the ingestion of external specifications. - Ingestion points: External requirements and feature specifications provided by the user in SKILL.md.
- Boundary markers: No specific delimiters or instructions are defined to isolate untrusted input from the planning logic.
- Capability inventory: The skill performs file writes (implementation plans) and executes shell commands for testing (
pytest) and version control (git). - Sanitization: User-provided inputs are incorporated into the plan generation process without explicit validation or sanitization layers.
Audit Metadata