Skills
skills/charon-fan/agent-playbook/planning-with-files/Gen Agent Trust Hub

planning-with-files

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests access to the Bash tool to manage files and potentially execute local commands as part of the planning workflow. This is a standard capability for development-focused agents but requires user oversight during execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external sources into notes.md and task_plan.md, which creates an attack surface for indirect prompt injection.
  • Ingestion points: The skill reads untrusted data from the filesystem using Read, Grep, and Glob tools.
  • Boundary markers: No explicit delimiters or system instructions are provided to the agent to disregard instructions found within the processed files.
  • Capability inventory: The agent has access to Bash, Write, and Edit tools which could be exploited if malicious instructions are successfully injected into the planning files.
  • Sanitization: The skill does not implement sanitization or filtering of the content read from files before it is processed by the agent logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 02:06 AM