plan-with-files
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected across the skill code or instructions.
- [COMMAND_EXECUTION]: Local shell scripts and hooks are used for task management. These perform benign operations on local text files and present no significant security risk.
- [PROMPT_INJECTION]: Instructions define a productivity framework and do not attempt to override safety protocols. Regarding the indirect injection attack surface:
  1. Ingestion points: PreToolUse hook in SKILL.md (reads task_plan.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, WebFetch.
  4. Sanitization: Absent.

  This surface is typical for planning tools and is managed by user oversight.
- [DATA_EXFILTRATION]: No unauthorized data access or transfer mechanisms were identified.