writing-plans
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests external design specifications to generate actionable plans. * Ingestion points: User-provided design or brainstormed specifications mentioned in the skill instructions. * Boundary markers: Absent; there are no delimiters or warnings to isolate the untrusted input from the plan generation logic. * Capability inventory: The skill generates shell commands (git, pytest), Python code blocks, and provides handoff instructions to execution sub-skills like superpowers:executing-plans. * Sanitization: Absent; no validation or escaping of the input specification content is defined.
- COMMAND_EXECUTION (LOW): The skill generates shell commands for testing and version control as part of its primary planning purpose. * Evidence: The Task Structure template explicitly generates 'pytest' and 'git commit' commands. These follow a standardized template and are restricted to common development tools, representing low risk in this context.
Audit Metadata