planning-with-files

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill implements 'working memory on disk' by reading and writing local markdown files (task_plan.md). While this creates a surface where instructions injected into these files (e.g., from web results) could influence the agent, this is the intended primary purpose of the skill and does not constitute a vulnerability in this context.
      • Ingestion points: task_plan.md is read by the PreToolUse hook in SKILL.md and by scripts/check-complete.sh at session termination.
      • Boundary markers: Absent; the content is presented as raw markdown in the agent's context.
      • Capability inventory: Includes the Bash, Write, Edit, WebFetch, and WebSearch tools.
      • Sanitization: None; the scripts use standard utilities such as cat and grep to process the plan content.
  • Command Execution (SAFE): The skill utilizes local shell scripts (init-session.sh, check-complete.sh) for automation. These scripts are benign, performing standard file creation and text searching (grep) without privilege escalation or network access.
  • Metadata Integrity (SAFE): The skill's metadata and documentation accurately reflect its behavior. No deceptive instructions were found in the examples or reference materials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:21 PM