planning-with-files

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes local bash scripts (init-session.sh, check-complete.sh) and skill hooks (PreToolUse, Stop) for state management. These scripts perform standard file operations (grep, cat, echo) on specific planning files within the project directory. No arbitrary command injection or privilege escalation vectors were found.
  • [DATA_EXPOSURE] (SAFE): File access is restricted to the current project directory and the skill's own directory for templates. No access to sensitive system paths like ~/.ssh or ~/.aws was detected.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill automatically reads task_plan.md into the agent's context before tool use to refresh goals. While this creates a surface where untrusted data (if written to the plan from an external source) could influence the agent, this behavior is the primary intended function of the skill and is documented for the user.
  • Ingestion points: task_plan.md via cat in PreToolUse hook.
  • Boundary markers: Absent.
  • Capability inventory: Bash, Write, WebFetch.
  • Sanitization: Absent.
  • [SAFE] (SAFE): No obfuscation, remote code execution, or persistence mechanisms are present.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:39 PM