70High
The skill dictates agent workflow, forces file writes, generates
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Writing Plans: Write comprehensive implementation plans assuming the engineer has zero context for our codebase and questionable taste. Document everything they need to know: which files to touch for each task, code, testing, docs they might need to check, how to test it. Give them the whole plan as bite-sized tasks. DRY. YAGNI. TDD. Frequent commits.
Actually does
This skill processes an input specification to generate a comprehensive markdown implementation plan for software features. The plan details exact file paths, provides code snippets, specifies `pytest` commands for testing, and `git` commands for committing, and is saved to a markdown file (e.g., `docs/superpowers/plans/`). It then suggests using other skills for plan execution.
Skill Info
Nameobra/superpowers/writing-plans
Registrygithub
Versionc4bbe651cb1b
PURLpkg:github/obra/superpowers@c4bbe651cb1b?skill=writing-plans
Stars180,084
Installs81,600
Source
SHA-25690056bad3d5f...
SHA-1be008098f3d6...
MD53eccd43deb42...
TLSH00c1b8267781...
ssdeep96:d1zZo0bLb...
Size6,046 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (2)
AI Agent Traps ↗Sub-agent Orchestration and Controlhighsub agent spawning
The skill explicitly dictates the use of other specific 'superpowers' skills and the spawning of 'fresh subagents per task', representing a high degree of control over the agentic workflow and other agents' actions.
95% confidence
REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans ... I dispatch a fresh subagent per task
File System Write Capabilityhighpersistence
The skill instructs the agent to save generated plans to a specific file path (`docs/superpowers/plans/YYYY-MM-DD-<feature-name>.md`), which is a direct instruction for file system write operations and could be used for persistence or RAG poisoning.
95% confidence
Save plans to: `docs/superpowers/plans/YYYY-MM-DD-<feature-name>.md`
Generation of Shell Commands for Executionmediumcommand execution
The skill generates specific shell commands (`git add`, `git commit`, `pytest`) as part of the implementation plan, which are intended to be executed by a downstream agent and pose a risk if the input specification leads to malicious command generation.
90% confidence
Run: `pytest tests/path/test.py::test_name -v` ... `git commit -m "feat: add specific feature"`
Semantic Manipulation via Strong Directiveslowautonomy abuse
The skill uses authoritative language like 'Every plan MUST start with this header' and 'REQUIRED SUB-SKILL', which can semantically manipulate the executing agent's reasoning and reduce its autonomy by enforcing strict adherence to predefined patterns and skill usage.
80% confidence
Every plan MUST start with this header ... REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development
Version History (4)
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/obra/superpowers/writing-plans)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/obra/superpowers/writing-plans"><img src="https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/writing-plans.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/obra/superpowers/writing-plans.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow