planning-with-files
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill creates an indirect prompt injection surface by instructing the agent to save external research findings into local markdown files and later read them to inform actions. Ingestion points: notes.md (stores research and findings from external sources). Boundary markers: Absent; no specific delimiters or ignore-instructions warnings are included in the templates. Capability inventory: File system read and write operations. Sanitization: Absent; no sanitization or escaping mechanisms are prescribed for the ingested external content.
Audit Metadata