planning-with-files

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by design. It requires the agent to ingest external data (from tools like browsers) into persistent files ('findings.md') and then read those files to determine future actions.
  • Ingestion points: 'task_plan.md', 'findings.md', and 'progress.md' are read using the 'Read' tool to orient the agent.
  • Boundary markers: No delimiters are specified to isolate untrusted research content from planning instructions.
  • Capability inventory: The agent has 'Read', 'Write', 'Edit', and 'TaskUpdate' capabilities, allowing injected data to influence the planning loop.
  • Sanitization: There is no instruction to validate or sanitize content before storing it in the context-guiding files.
  • [SAFE]: The provided Node.js scripts ('main.cjs', 'pre-execute.cjs', 'post-execute.cjs') are minimal and do not perform any sensitive operations, network calls, or dangerous subprocess execution.
  • [SAFE]: The skill's use of the local filesystem is restricted to creating project-specific markdown files for state management and does not target sensitive paths or system persistence directories.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 04:51 AM