ql-brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of natural language instructions and does not include any executable scripts or binary files.
- [SAFE]: No malicious behavior, obfuscation, or unauthorized network activity was detected. The skill's primary function is to facilitate a Socratic design process.
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection from the project data it processes.
- Ingestion points: Reads context from project files such as `CLAUDE.md`, `package.json`, and `README` in Phase 1 (SKILL.md).
- Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded commands within the read files.
- Capability inventory: The skill has the capability to write design documents to the `docs/plans/` directory (SKILL.md).
- Sanitization: There is no automated sanitization of the input; however, the skill requires explicit user approval for every section of the design before it is committed to a file, which serves as a significant manual mitigation.
Audit Metadata