planning-with-files-ar

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses local shell and PowerShell scripts (init-session.sh/ps1, check-complete.sh/ps1) to initialize and verify task planning files. These are triggered by skill hooks during session start, tool use, and shutdown. The session-catchup.py script also parses local session logs from ~/.claude/projects/ or ~/.codex/sessions/ to restore task state.
  • [PROMPT_INJECTION]: The skill implements a persistent context mechanism that introduces an indirect prompt injection surface.
    • Ingestion points: The PreToolUse hook in SKILL.md automatically reads task_plan.md into the conversation context via the cat command.
    • Boundary markers: Contents are injected without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill utilizes powerful tools including Bash, Write, and Edit as defined in the allowed-tools metadata.
    • Sanitization: No validation is performed on the file content before injection. The skill author documents this risk in the 'Limits and Safety' section and provides usage guidelines to mitigate the concern.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 05:34 AM