drive-create-plan

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute project-specific harness commands such as pnpm typecheck, cargo check, or lint to validate milestones. This is a core feature for developer productivity and is gated by the agent's environment.
  • [DATA_EXPOSURE]: The skill accesses project specification files (spec.md) and Linear team/project data via authorized MCP tools. These operations are limited to the project workspace and the user's Linear account.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data (specification files) to derive plans and tasks. While this presents a surface for indirect prompt injection if a specification file is untrusted, the structured nature of the planning process and the requirement for human review of the generated plan mitigate this risk.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 05:56 AM
Security Audit — agent-trust-hub — drive-create-plan