Creative Intelligence

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The scripts scamper-prompts.sh and swot-template.sh use heredocs with an unquoted delimiter (cat <<EOF), so the shell expands the variables passed as arguments inside the heredoc body. If an agent passes untrusted user input as a topic or subject, it could result in unintended command execution within the agent's environment. Evidence: scripts/scamper-prompts.sh and scripts/swot-template.sh both interpolate variables inside an unquoted heredoc.
  • [PROMPT_INJECTION] (LOW): The skill processes untrusted user input (topics, subjects) via script arguments and interpolates them into generated reports without sanitization, creating a surface for indirect prompt injection.
      1. Ingestion points: TOPIC and SUBJECT arguments in bash scripts.
      2. Boundary markers: Absent.
      3. Capability inventory: Local script execution (bash) and text generation.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 05:44 PM