draft-plan
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted information from user requests and external web/documentation searches to generate implementation steps in a plan file.
- Ingestion points: User-provided task descriptions and external technical documentation retrieved via WebSearch or documentation MCP tools.
- Boundary markers: The instructions do not define the use of delimiters or warnings to ignore instructions embedded within the ingested data before it is written to the output file.
- Capability inventory: The skill has the ability to write files to the local filesystem (within the .turbo/plans/ directory), execute other skills, and create tasks via TaskCreate.
- Sanitization: No explicit sanitization or validation logic is present to filter malicious instructions from the external content before interpolation.
- [EXTERNAL_DOWNLOADS]: Fetches information and library documentation using standard WebSearch tools and documentation MCPs to ground technical decisions in current library states.
- [COMMAND_EXECUTION]: Executes other internal skills such as /survey-patterns and matching task-specific skills to load relevant guidance into the conversation context.
Audit Metadata