implement-plan

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpreting and acting upon untrusted data within workspace plan files.
      • Ingestion points: Plan content is read from .turbo/plans/, .turbo/shells/, and .turbo/plan.md (Step 1), and supplementary files referenced in the plan are read in Step 2.
      • Boundary markers: There are no delimiters or instructions to treat plan content as untrusted data or to ignore potentially malicious embedded commands.
      • Capability inventory: The skill uses TaskCreate and can dynamically load other capabilities via the Skill tool based on string matching against the plan's content (Step 3).
      • Sanitization: No validation or sanitization is performed on the ingested file content or referenced paths before they are loaded into the conversation context.
  • [SAFE]: No hardcoded credentials, malicious network exfiltration, or unauthorized command execution patterns were found.
  • [SAFE]: The skill's operations, such as path resolution and task creation, are consistent with its stated purpose of orchestrating plan implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 05:59 PM
Security Audit — agent-trust-hub — implement-plan