writing-plans
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill acts as a transformer that takes untrusted user requirements and outputs a structured implementation plan containing executable code snippets and shell commands (e.g., git add, pytest).
- Ingestion points: Untrusted data enters the context via user-provided specs or requirements mentioned in the overview.
- Boundary markers: Absent. There are no instructions or delimiters to isolate the user input or prevent it from overriding the plan generation logic.
- Capability inventory: While this skill's primary action is writing a markdown file to docs/plans/, its output is explicitly intended for immediate execution by other sub-skills like superpowers:executing-plans and superpowers:subagent-driven-development, which have high-privilege capabilities including command execution and code modification.
- Sanitization: Absent. No validation or sanitization is performed on the user input before it is used to generate the plan. A malicious spec could trick the agent into including destructive commands in the plan's shell steps.
Audit Metadata