The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the specification file it processes.\n- Ingestion points: Untrusted data enters the agent context via the .turbo/spec.md file, which is read and decomposed in Step 1 and Step 2.\n- Boundary markers: The instructions lack explicit boundary markers or delimiters that would instruct the agent to ignore any embedded instructions or malicious directives within the specification file.\n- Capability inventory: The skill performs file system operations (reading from .turbo/spec.md and writing to .turbo/prompts.md), orchestrates sub-agents for plan verification, and performs external resource lookups and searches for cross-reference validation in Step 4.\n- Sanitization: No validation, escaping, or sanitization is performed on the content extracted from the specification file before it is transformed into implementation prompts.

create-prompt-plan