writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms untrusted input (feature specifications/requirements) into structured implementation plans that include executable code and shell commands.
  - Ingestion points: Project specifications and requirements documents (referenced in the Review Loop section of SKILL.md) used as the basis for plan generation.
  - Boundary markers: The skill does not define explicit delimiters or instructions for the agent to ignore embedded instructions within the input specs.
  - Capability inventory: The generated plans contain shell commands (pytest, git) and instructions for direct code modifications across the codebase (SKILL.md).
  - Sanitization: While the skill incorporates a 'Plan Review Loop' using a subagent (plan-document-reviewer-prompt.md), this process focuses on architectural alignment and completeness rather than detecting or sanitizing adversarial instructions.
- [COMMAND_EXECUTION]: The implementation plans generated by this skill explicitly include shell commands for running tests and committing code to version control. These commands are intended to be executed in the development environment, either by the main agent or a delegated subagent as specified in the 'Execution Handoff' section of SKILL.md.
Audit Metadata