planning-with-files
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- Metadata Poisoning (MEDIUM): The README and reference files claim a fictional $2 billion acquisition of 'Manus' by Meta to gain prestige and influence user trust. This is a deceptive tactic used to justify the skill's importance.
- EXTERNAL_DOWNLOADS (LOW): The skill provides installation instructions requiring a git clone from an untrusted GitHub repository (github.com/kv0906/cc-skills.git) which does not appear on the trusted source list.
- Indirect Prompt Injection (LOW): The skill ingests research data from the web into notes.md and instructs the agent to 'Read before deciding', creating a surface for embedded instructions to influence agent behavior.
  - Ingestion points: notes.md via WebSearch.
  - Boundary markers: Absent.
  - Capability inventory: File system read/write, WebSearch execution.
  - Sanitization: Absent.