drive-create-plan
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute project-specific harness commands such as
pnpm typecheck,cargo check, orlintto validate milestones. This is a core feature for developer productivity and is gated by the agent's environment. - [DATA_EXPOSURE]: The skill accesses project specification files (
spec.md) and Linear team/project data via authorized MCP tools. These operations are limited to the project workspace and the user's Linear account. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data (specification files) to derive plans and tasks. While this presents a surface for indirect prompt injection if a specification file is untrusted, the structured nature of the planning process and the requirement for human review of the generated plan mitigate this risk.
Audit Metadata