planning-with-files
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow where the agent performs research, stores findings in a local
notes.mdfile, and subsequently reads that file to generate deliverables. This creates a surface for indirect prompt injection if external data sources (e.g., fromWebSearch) contain malicious instructions intended to influence the agent's behavior. - Ingestion points: The
notes.mdfile serves as persistent storage for untrusted data entering the agent context (referenced inSKILL.mdandexamples.md). - Boundary markers: Templates provided for
task_plan.mdandnotes.mdlack delimiters or explicit instructions to the agent to ignore embedded instructions within processed data. - Capability inventory: The skill instructs the use of
Read,Write,Edit, andWebSearchcapabilities across its workflow instructions. - Sanitization: No sanitization, validation, or filtering of external content is described before the agent interpolates the findings into its working memory files.
Audit Metadata