gathering-planning
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8). 1. Ingestion points: Untrusted data enters the context via the 'brain dump' user input and by scanning the codebase for TODO/FIXME comments using the
gftool. 2. Boundary markers: There are no delimiters or specific system instructions used to separate the ingested data from the agent's core instructions. 3. Capability inventory: The skill utilizesgffor file reading andgw gh issue batchfor writing data to an external service (GitHub). 4. Sanitization: No sanitization or validation is applied to the content extracted from the codebase or the user's ideas before they are processed and published as GitHub issues.
Audit Metadata