create-test-plan
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.
  - Ingestion points: Reads Pull Request details (title, description, comments) and project source code (SKILL.md).
  - Boundary markers: No explicit markers or instructions are provided to the agent to ignore embedded instructions within the analyzed code or PR content.
  - Capability inventory: The skill can write to the file system (.turbo/test-plan.md) and suggests the use of interactive tools (computer-use, agent-browser) and direct terminal execution.
  - Sanitization: No sanitization or validation of the ingested external content is mentioned.
- [COMMAND_EXECUTION]: The instructions direct the agent to use terminal execution for testing CLI tools and interactive MCP tools for UI testing. This presents a risk where a malicious actor could embed commands within PR descriptions or code comments that the agent then incorporates into a test plan and executes.