directory-management
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to scan subdirectories for existing PLAN.md files and load their content into the conversation context for project resumption. This creates a surface for indirect prompt injection where an attacker-controlled file could override agent behavior.
- Ingestion points: Loading content from */PLAN.md in the filesystem.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within these files.
- Capability inventory: The skill is designed to manage the creation and organization of executable Python scripts and Jupyter notebooks.
- Sanitization: The skill lacks mechanisms to sanitize or validate the content of the loaded project plans before they enter the agent's context.
Audit Metadata