planning-with-files
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by instructing the agent to store and re-read data from persistent markdown files to guide its decision-making.\n
- Ingestion points: The files task_plan.md and notes.md are frequently read to refresh the agent's context and goals.\n
- Boundary markers: The provided templates for these files do not include explicit boundary markers or instructions to ignore embedded commands.\n
- Capability inventory: The skill encourages the use of file operations, web research, and code modification tools based on the content of the processed files.\n
- Sanitization: There is no requirement or mechanism for sanitizing content fetched from external sources before it is recorded in the persistent memory files.\n- [EXTERNAL_DOWNLOADS]: References context engineering principles from the official Manus AI blog for operational guidance.
Audit Metadata