brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted user input during Phase 1 ('Assess Clarity') and interpolates it into markdown files in Phase 4. While this is the intended functionality of a brainstorming tool, it technically establishes an indirect prompt injection surface for downstream processes.
- Ingestion points: User-provided goal strings in
SKILL.md(Phase 1). - Boundary markers: Absent in the generated output files; user content is directly written into markdown sections.
- Capability inventory: File system writes and directory creation (
mkdir -p) as described inSKILL.md. - Sanitization: Absent; the agent is instructed to summarize and capture the idea without explicit escaping mechanisms.
- [COMMAND_EXECUTION]: The
scripts/validate.shutility usesbash -cto perform automated checks on the skill files. The commands executed are static and defined within the script itself, posing no risk of command injection from external or user-supplied input.
Audit Metadata