recover
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses standard shell commands (
ls,find,tail,head) to search for checkpoint files within the local project directory structure (plans/reports/). These operations are safe and restricted to localized paths. - [PROMPT_INJECTION] (SAFE): The 'IMPORTANT Task Planning Notes' section contains standard instructions for task management and does not attempt to override system safety filters or extract restricted information.
- [DATA_EXPOSURE] (SAFE): The skill reads internal workflow checkpoint files. It does not access sensitive system paths (like
~/.ssh), hardcoded credentials, or environment secrets. - [EXTERNAL_DOWNLOADS] (SAFE): No external dependencies, remote scripts, or network requests are initiated by this skill.
- [Indirect Prompt Injection] (SAFE): This skill provides a surface for indirect prompt injection by design, as it ingests data from local checkpoint files to restore state.
- Ingestion points: Local files matching the pattern
plans/reports/memory-checkpoint-*.md. - Boundary markers: None; the skill relies on extracting structured JSON from the end of the file.
- Capability inventory: Performs file listing and reading, and calls the
TodoWritetool to restore task state. - Sanitization: None; the skill is a meta-tool that assumes the integrity of its own previously saved state. Given the local scope and intended use-case for workflow management, this is considered a safe operational surface.
Audit Metadata