aile-writing-plans
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads external content from Jira stories and local documents (PRD, SAD), which introduces a risk of indirect prompt injection.
  - Ingestion points: Processes `docs/specs/PRD.md`, `docs/specs/SAD.md`, and Jira Story descriptions provided via MCP tools.
  - Boundary markers: No specific delimiters or instructions to disregard embedded commands are included when context is read.
  - Capability inventory: The skill can write to the local file system (`docs/plans/`), create/update Jira issues via MCP tools, and execute Git commits.
  - Sanitization: No input validation or sanitization is performed on the ingested content before it is used to generate tasks or plan descriptions.
- [COMMAND_EXECUTION]: The skill provides structured instructions for the agent to execute shell commands locally.
  - Evidence: Step 6 and the generated TDD tasks include commands like `git commit` and `pytest`. While restricted to the project scope, these commands could potentially be abused if the agent is influenced by malicious instructions in the source documents.
Audit Metadata