planning-with-files

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts included in the package to manage the task lifecycle.
  • scripts/init-session.sh initializes task_plan.md, findings.md, and progress.md in the user's project directory.
  • scripts/check-complete.sh is executed via the Stop hook to count completed phases in the plan file using grep.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its context-refreshing mechanism.
  • Ingestion points: The PreToolUse hook for Write, Edit, and Bash tools executes cat task_plan.md 2>/dev/null | head -30 || true, injecting the start of the plan file directly into the agent's recent context.
  • Boundary markers: There are no protective delimiters or instructions to the model to ignore embedded commands within the echoed file content.
  • Capability inventory: The agent has access to sensitive tools including Bash, Write, and WebFetch.
  • Sanitization: No filtering or escaping is applied to the content of task_plan.md before it is presented to the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 01:14 AM