plan-newsletter
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates as a thin orchestrator, delegating logic to the 'creator-stack' suite of tools. This modular architecture is a standard and secure practice for task management.
- [PROMPT_INJECTION]: The skill processes untrusted external content such as transcripts and URLs, creating a surface for indirect prompt injection where malicious instructions in the source material could influence the agent's behavior during the planning process.
  - Ingestion points: User-provided topics, video transcripts, notes, and URLs (SKILL.md).
  - Boundary markers: No explicit delimiters are used to isolate untrusted data in the prompts.
  - Capability inventory: File system write access and execution of delegated tool calls (SKILL.md).
  - Sanitization: Uses slugification for file paths, but does not specify sanitization for the content processed by foundation skills.
Audit Metadata