research-planner
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is a conduit for indirect prompt injection because it processes untrusted user input into a structured file that downstream skills (e.g., a task-splitter) are instructed to act upon.
  - Ingestion points: The research topic and task description provided by the user in Step 1 and Step 2 are interpolated directly into the instructions and the YAML frontmatter of the output file.
  - Boundary markers: The skill uses YAML frontmatter for metadata but does not wrap the user-influenced instructions in delimiters or provide 'ignore instructions' warnings to the downstream skills that will read the file.
  - Capability inventory: The skill possesses file-write capabilities, creating directories and Markdown files at research/<slug>/<slug>-research-plan.md.
  - Sanitization: The skill implements a slugification routine for the filename (lowercase, alphanumeric replacement, hyphen collapsing), which effectively prevents path traversal. However, it lacks sanitization of the research instructions' content.
Audit Metadata