brainstorming
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection because it processes untrusted project data and has the capability to modify the environment.
- Ingestion points: The skill reads 'current project state (files, docs, recent commits)' as part of its brainstorming process.
- Boundary markers: No boundary markers or instructions to ignore embedded commands in the ingested files are present.
- Capability inventory: The skill can write files to docs/plans/, perform git commits, and trigger further implementation via external skills.
- Sanitization: No sanitization of ingested content is mentioned, meaning instructions hidden in project documentation or commit messages could influence the agent's output and subsequent file-writing actions.
- [External Downloads] (MEDIUM): The skill references several external dependencies (elements-of-style:writing-clearly-and-concisely, superpowers:using-git-worktrees, and superpowers:writing-plans). These do not originate from the defined list of trusted organizations or repositories and represent unverifiable external logic.
- [Command Execution] (LOW): The skill instructions include executing git commands ('Commit the design document to git'). While standard for a developer tool, this capability is the mechanism by which an indirect prompt injection attack would achieve persistence or impact.
Recommendations
- AI detected serious security threats
Audit Metadata