planning-with-files

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface through its automated hooks.
      • Ingestion points: The PreToolUse hook executes cat task_plan.md 2>/dev/null | head -30 || true whenever the Write, Edit, or Bash tools are about to be used. This reads the task plan directly into the agent's active context.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command output displayed to the agent.
      • Capability inventory: The skill permits use of Bash, Write, Edit, WebFetch, and WebSearch, which provides both the means to fetch untrusted data and the ability to execute system commands.
      • Sanitization: No sanitization or validation of the file content is performed before it is injected into the session context via the hook.
  • [COMMAND_EXECUTION]: The skill uses shell commands within multiple lifecycle hooks to automate the planning workflow.
      • The PreToolUse hook executes a shell pipeline (cat, head) to display the current plan.
      • The Stop hook executes a shell script located at ${CLAUDE_PLUGIN_ROOT}/scripts/check-complete.sh to verify task completion.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 11:33 PM