planning-with-files
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface.
  - The workflow instructs the agent to read and follow directions from task_plan.md and findings.md to determine next steps. This creates a risk where untrusted content written to these files (e.g., from external data processing) could redirect the agent's behavior.
  - Ingestion points: Reading task_plan.md, findings.md, and progress.md during the 'Context Management' phase.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands within these files.
  - Capability inventory: The skill encourages the agent to make tool calls and execute commands based on the file contents.
  - Sanitization: Absent. There is no logic to validate or sanitize the content of the planning files before the agent treats them as authoritative instructions.
Audit Metadata