writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill acts as a template generator that ingests untrusted specifications to produce plans containing executable code and shell commands.
- Ingestion points: External requirements or specifications provided by the user (or another agent) serve as the basis for plan generation.
- Boundary markers: No specific delimiters or safety instructions are used to isolate untrusted input within the generated implementation plans.
- Capability inventory: The resulting plans include file creation, Python code blocks, and shell commands (
pytest,git). - Sanitization: The skill lacks explicit sanitization or validation logic for external input before it is interpolated into executable contexts in the plan.
- Dynamic Execution (LOW): The skill generates script fragments and CLI commands intended for execution by a downstream agent or user.
- The logic follows standard software development practices (TDD, DRY, Git) and generates content based on static templates, minimizing the risk of arbitrary code injection within the skill's own operational logic.
Audit Metadata