brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructs the agent to read project files, documentation, and git commit history, which are untrusted data sources that could contain malicious instructions. It also facilitates multi-step chains by invoking other skills based on processed data.
- Ingestion points: Project files, documentation, and git history (referenced in SKILL.md).
- Boundary markers: None present; the instructions do not specify delimiters to separate untrusted project data from instructions.
- Capability inventory: File system write access (docs/plans/), git commit execution, and the ability to trigger other skills like git-worktrees and writing-plans.
- Sanitization: None specified.
Audit Metadata