writing-plans

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill is designed to ingest untrusted external data (specs or requirements) and transform them into executable plans. It lacks boundary markers or sanitization logic to handle adversarial input embedded within these specs.
      • Ingestion Point: External 'spec or requirements' files provided to the agent.
      • Boundary Markers: Absent. The template does not utilize delimiters to separate untrusted requirements from instructions.
      • Capability Inventory: The resulting plans include file creation, file modification, and shell command execution (pytest, git). These capabilities are handed off to sub-skills like superpowers:executing-plans.
      • Sanitization: None. The skill assumes the input spec is benign and directly interpolates requirements into a plan structure.
  • Command Execution (LOW): The skill provides templates for shell commands including git and pytest. While these are standard development tools, they represent the execution surface for any injected content from the planning phase.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:27 AM