brainstorming-partner
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data access commands were detected in the skill instructions or metadata. The installation process uses the expected goose-skills framework command.
- [INDIRECT_PROMPT_INJECTION]: The skill uses WebSearch and WebFetch tools to gather information from external sources, which constitutes a standard attack surface for indirect prompt injection. * Ingestion points: WebSearch and WebFetch tools are called in Phase 2 and Phase 3 of the brainstorming flow in SKILL.md. * Boundary markers: The instructions do not include explicit delimiters or warnings to ignore embedded instructions in search results. * Capability inventory: The skill utilizes network read capabilities for research purposes. * Sanitization: No explicit sanitization or filtering of external content is defined within the skill instructions.
Audit Metadata