planning-with-files

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill enables the Bash tool, granting the agent the ability to execute arbitrary shell commands. While this is intended for the "Manus-style" workflow, it represents a high-privilege capability that could be abused if the agent is compromised via other vectors.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
    • Ingestion points: The agent is instructed to read from and update files like task_plan.md and notes.md as part of its core workflow (SKILL.md).
    • Boundary markers: No delimiters or safety instructions are provided to ensure the agent treats the content of these files as untrusted data rather than direct instructions.
    • Capability inventory: The agent is granted access to high-privilege tools including Bash, Write, Edit, Read, Grep, and Glob (SKILL.md).
    • Sanitization: The skill does not implement any sanitization or validation for data read from the local filesystem before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 02:59 PM