brainstorming

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8).
    Evidence chain:
    1. Ingestion points: Reads local project files, documentation, and git history.
    2. Boundary markers: None identified.
    3. Capability inventory: Filesystem write access and Git command execution (commits and worktrees).
    4. Sanitization: None identified.
    Malicious instructions hidden in project files could subvert the agent's behavior during the 'Understanding the idea' phase.
  • [Command Execution] (MEDIUM): The skill instructs the agent to perform git operations like 'commit' and 'worktree'. While standard, these tools allow the agent to modify the persistent state of the repository based on potentially poisoned context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 14, 2026, 10:25 AM