planning-with-files
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface due to its core persistent memory design.
- Ingestion points: The agent is instructed in SKILL.md to read from task_plan.md, findings.md, and progress.md to guide decision-making and track progress.
- Boundary markers: There are no delimiters or specific instructions in the provided templates to isolate or distinguish between agent-generated plans and potentially adversarial content captured from external research (e.g., browser or search tool outputs).
- Capability inventory: The skill utilizes Read, Write, and Edit tools to interact with the local filesystem, enabling a cycle where external data is written to disk and subsequently re-incorporated into the agent's attention window.
- Sanitization: The skill lacks any protocol for sanitizing, validating, or escaping content retrieved from external sources before it is appended to the findings.md or task_plan.md files.
Audit Metadata