planning-with-files
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- SAFE (SAFE): The skill consists entirely of instructional markdown and templates. No executable scripts or binary files are included. The instructions focus on organization and context management rather than performing privileged or risky system operations.
- NO_CODE (SAFE): No code files (Python, JavaScript, etc.) were found. The skill relies on the agent's built-in tools to manage markdown files.
- Indirect Prompt Injection (SAFE): The skill encourages storing external research in notes.md, which the agent then reads.
- Ingestion points: notes.md (receives findings from web research tools).
- Boundary markers: Absent; the provided templates use standard markdown headers but no explicit instruction isolation.
- Capability inventory: File reading, writing, editing, and web searching.
- Sanitization: Not specified; the agent is expected to process the file content directly.
- Assessment: This represents a standard indirect prompt injection surface inherent to agentic research workflows, rather than a specific vulnerability introduced by this skill.
Audit Metadata