planning-with-files
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes external data.
  - Ingestion points: WebFetch and WebSearch tools retrieve data that is stored in findings.md (SKILL.md).
  - Boundary markers: No markers or 'ignore' instructions are used to delimit external content in the provided templates (templates/findings.md).
  - Capability inventory: The agent has access to Bash and file writing tools (SKILL.md).
  - Sanitization: No sanitization of retrieved web content is performed.
- [COMMAND_EXECUTION]: The skill uses hooks and instructions to run local scripts for session management, such as session-catchup.py and check-complete.sh. These are part of the skill's infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebSearch and WebFetch tools to retrieve information from the internet, which is then integrated into the agent's working memory via planning files.
Audit Metadata