Skills
skills/othmanadi/planning-with-files/planning-with-files-es/Gen Agent Trust Hub

planning-with-files-es

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements lifecycle hooks (PreToolUse, PostToolUse, Stop) that execute local shell and PowerShell scripts to manage the task planning state and verify completion.
  • [DATA_EXFILTRATION]: The session-catchup.py script accesses local conversation history files in ~/.claude/projects/ and ~/.codex/sessions/. This allows the agent to recover context from previous sessions, which involves reading sensitive local data.
  • [COMMAND_EXECUTION]: The Stop hook uses dynamic path resolution (searching via ls and Get-ChildItem) to locate and execute its own completion-checking scripts within the plugin cache directory.
  • [PROMPT_INJECTION]: The skill contains explicit safety documentation in its 'Límites de seguridad' section, warning about the potential for indirect prompt injection from untrusted external sources and prescribing safe data handling practices.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 12:29 AM