collaborative-plan-with-file
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
Bashto execute standard file system operations. Evidence includes calls togit rev-parse --show-toplevelto identify the project root,mkdir -pfor session directory creation, andcpfor consolidating task artifacts. These operations are limited to local environment management and are consistent with the tool's stated purpose. - [DATA_EXFILTRATION]: The workflow involves searching and reading codebase files (e.g., README, documentation, and existing code) using tools like
Grep,Glob, andReadto gather context for planning. All gathered information is processed locally and stored in the project's.workflow/.planning/directory. No external network calls or data transmission patterns were found. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from the codebase and user input to generate plans.
- Ingestion points: Uses
mcp__ace-tool__search_context,Grep, andReadto ingest file content during the 'Understanding' and 'Planning' phases. - Boundary markers: Uses markdown headers (e.g.,
## 任务池) to separate domain sections, though explicit 'ignore' instructions for embedded data are absent. - Capability inventory: Includes capabilities for writing files, executing shell commands for directory management, and calling subsequent workflows.
- Sanitization: No explicit sanitization or filtering of codebase content is mentioned before it is interpolated into the planning templates.
Audit Metadata