brainstorm

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes 'CRITICAL' directives and 'Auto Mode' flags (e.g., '--yes') to bypass interactive routing and user confirmation steps, overriding default agent behavioral patterns for efficiency.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface detected:
      • Ingestion points: The workflow ingests untrusted data from the initial user topic and processes multiple intermediate files like 'guidance-specification.md' and '{role}-context.md' which are derived from user input.
      • Boundary markers: There is an absence of explicit delimiters or 'ignore embedded instructions' warnings when these files are read and interpolated into the prompts for the 'conceptual-planning-agent'.
      • Capability inventory: The skill has access to powerful tools including 'Bash()', 'Write()', and 'Edit(*)', which could be exploited if an injection occurs.
      • Sanitization: The skill lacks evidence of content validation or escaping of the processed text before it is used in subsequent prompt construction.
  • [COMMAND_EXECUTION]: The skill requests and utilizes the 'Bash(*)' tool to manage the workflow, search for sessions, and handle file operations. This provides the agent with a significant level of access to the underlying environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 12:17 AM