pick-next-prompt

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from .turbo/prompts.md and .turbo/spec.md to pick and adapt the next implementation steps. This creates a surface for indirect prompt injection where malicious content in those files could influence the agent's planning phase.
      1. Ingestion points: .turbo/prompts.md and .turbo/spec.md.
      2. Boundary markers: None.
      3. Capability inventory: Updating .turbo/prompts.md and generating implementation plans.
      4. Sanitization: None.
    This is a low-risk surface as it does not have access to sensitive system resources or network capabilities.
  • [DATA_EXFILTRATION]: The skill reads local project files in the .turbo directory. This is confined to the project workspace and does not involve accessing sensitive system files or transmitting data to external servers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 05:14 AM