brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from project files and commits, creating a surface for indirect prompt injection.
- Ingestion points: Reads local project state (files, docs, commits) to understand context as described in the 'Understanding the idea' section.
- Boundary markers: Absent. No instructions are provided to the agent to distinguish between project data and its own system instructions or to treat external data as untrusted.
- Capability inventory: The agent has the capability to read project files and write implementation plans to the local file system (specifically in the 'docs/plans/' directory).
- Sanitization: Absent. No validation, escaping, or filtering of ingested project data is performed before it is used to influence the design process and documentation generation.
Audit Metadata