plans-kanban
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The server implements a '/file/*' route for serving local files. This creates a significant attack surface for directory traversal if the path parameter is not strictly sanitized, potentially allowing an attacker to read any file accessible to the process.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes local Node.js scripts and includes options to bind the server to '0.0.0.0', exposing the host's file system and server routes to the local network.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires manual installation of the 'gray-matter' npm package from a public registry.
- [PROMPT_INJECTION] (LOW): The 'Task Planning Notes' section contains imperative instructions ('Always plan...', 'Always add...') intended to modify the agent's behavior. Additionally, the skill processes untrusted local files (plan.md), which could contain indirect injections (Ingestion: plan directory scanning; Boundaries: absent; Capabilities: server-side rendering and file serving; Sanitization: undocumented).
Audit Metadata