planning-with-files

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Finding tag: PROMPT_INJECTION

Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a pattern where untrusted data from external sources is ingested and later processed as part of the agent's core planning logic.
  • Ingestion points: External data from WebSearch and WebFetch operations is saved into findings.md (and potentially task_plan.md) as part of the '2-Action Rule' defined in SKILL.md.
  • Boundary markers: The provided templates (e.g., templates/findings.md) and instructions lack delimiters or 'ignore embedded instructions' warnings to separate untrusted external content from the agent's own task instructions.
  • Capability inventory: The skill allows access to powerful tools including Bash, Write, Edit, and WebSearch, which could be manipulated if the agent follows instructions embedded in the processed data.
  • Sanitization: No sanitization, escaping, or validation is performed on the data fetched from the web before it is written to the planning files and subsequently read back into the context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 02:59 AM