cowork-session-planner
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through project files.
- Ingestion points: The skill reads context.md, CLAUDE.md, logs/log.md, and TASKS.md to extract status and tasks as defined in SKILL.md.
- Boundary markers: Instructions do not specify delimiters or warnings to ignore potentially malicious instructions within the project files.
- Capability inventory: The skill performs workspace file reads and writes the final brief to output/session-brief.md on user request.
- Sanitization: No sanitization or validation is applied to the extracted data before it is presented to the agent for summarization.
Audit Metadata