Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill manages files and directories using local bash scripts. To prevent shell injection or directory traversal, user-provided inputs (such as experiment names or finding titles) are passed through a slugification function that filters out all characters except lowercase alphanumerics and hyphens.
- [PROMPT_INJECTION]: The skill provides strong instructional guidance to the agent to use experiment-specific storage files rather than standard platform defaults (like ephemeral plan files). This behavioral constraint is a functional requirement of the skill's data persistence model and does not constitute a malicious bypass attempt.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists where the skill reads content from plans and checkpoints back into the agent's active memory (e.g., via the `resume` command). This surface is appropriately managed using `<file-content>` boundary markers which clearly delineate historical data from current instructions.
- [EXTERNAL_DOWNLOADS]: The skill utilizes Python 3 for configuration parsing. It assumes the presence of the `PyYAML` library, which is a standard utility for YAML processing.
Audit Metadata