writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill provides functional templates for task organization and does not contain instructions to override safety guidelines or system prompts.
- Data Exposure & Exfiltration (SAFE): No access to sensitive file paths, hardcoded credentials, or unauthorized network calls were identified.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install packages or execute remote scripts. It merely provides text templates for standard commands like 'npm test'.
- Indirect Prompt Injection (LOW): (1) Ingestion points: User-provided feature names and descriptions are used to populate plans in 'SKILL.md'. (2) Boundary markers: Absent in the templates. (3) Capability inventory: None; this is a documentation-only skill. (4) Sanitization: None specified for external content.
Audit Metadata