Skills
skills/georgekhananaev/claude-skills-vault/planning-with-files/Gen Agent Trust Hub

planning-with-files

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes automated hooks to execute shell commands and PowerShell scripts during the agent lifecycle.
  • [COMMAND_EXECUTION]: The Stop hook executes a PowerShell script using the -ExecutionPolicy Bypass flag. This technique is designed to circumvent system security policies that would otherwise prevent the execution of scripts. Evidence: powershell.exe -NoProfile -ExecutionPolicy Bypass -File "$SD/check-complete.ps1".
  • [PROMPT_INJECTION]: The skill implements a PreToolUse hook that automatically injects content from task_plan.md into the agent's context window before every tool call, creating a recurring surface for indirect prompt injection.
  • Ingestion points: Content is read from task_plan.md and injected into the conversation via the PreToolUse hook in SKILL.md.
  • Boundary markers: The injection mechanism lacks delimiters or specific instructions to treat the file content as untrusted data.
  • Capability inventory: The skill allows the use of powerful tools including Bash, Write, Edit, and Read.
  • Sanitization: No sanitization, validation, or escaping is applied to the file content before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 4, 2026, 01:18 PM