brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through data ingestion. \n
- Ingestion points: The skill instructions direct the agent to check the current project state, including files, documentation, and recent git commits (SKILL.md). \n
- Boundary markers: No specific delimiters or instructions are provided to the agent to treat external project data as untrusted or to ignore embedded instructions. \n
- Capability inventory: The skill allows the agent to write new design documents to the
docs/plans/directory and commit these files to the git repository. \n - Sanitization: No sanitization or validation logic is defined for the content retrieved from the project context before it is used to influence the design process.
Audit Metadata