writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its data ingestion process.
  - Ingestion points: Data is received via the `bd show` command and the output report from the `codebase-investigator` agent.
  - Boundary markers: There are no explicit delimiters or warnings used to separate external content from internal instructions.
  - Capability inventory: The skill can modify task designs via the `bd update` command and generate executable shell scripts.
  - Sanitization: No validation or escaping of external inputs is performed prior to interpolation into task designs.
- [COMMAND_EXECUTION]: The skill dynamically generates and recommends the execution of shell commands and source code snippets (e.g., `pytest`, `bd update`) based on task requirements and codebase scans.
Audit Metadata