planning-with-files

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a workflow where the agent performs research, stores findings in a local notes.md file, and subsequently reads that file to generate deliverables. This creates a surface for indirect prompt injection if external data sources (e.g., from WebSearch) contain malicious instructions intended to influence the agent's behavior.
  • Ingestion points: The notes.md file serves as persistent storage for untrusted data entering the agent context (referenced in SKILL.md and examples.md).
  • Boundary markers: Templates provided for task_plan.md and notes.md lack delimiters or explicit instructions to the agent to ignore embedded instructions within processed data.
  • Capability inventory: The skill instructs the use of Read, Write, Edit, and WebSearch capabilities across its workflow instructions.
  • Sanitization: No sanitization, validation, or filtering of external content is described before the agent interpolates the findings into its working memory files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 03:01 PM
Security Audit — agent-trust-hub — planning-with-files