pick-next-shell
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to manage internal project state by reading shell and plan files within the .turbo folder. No evidence of data exfiltration or unauthorized file access was found.
- [COMMAND_EXECUTION]: The skill invokes other internal agent skills (e.g., /expand-shell, /refine-plan, /self-improve). These are expected tool interactions within the agent's operating environment and do not involve arbitrary shell command execution.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading YAML frontmatter from .turbo/shells/*.md. While this represents an attack surface for indirect prompt injection, the skill's capabilities are limited to coordinating other planning skills and updating status fields, which is considered a low-risk pattern in this context.
Audit Metadata