brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it reads untrusted external data from the project context to generate design specifications. * Ingestion points: Reads current project state including files, docs, and recent commits as specified in the 'Understanding the idea' section. * Boundary markers: There are no explicit instructions to the agent to treat file content as untrusted or to ignore instructions embedded within those files. * Capability inventory: The skill has the capability to write design documents to the file system (docs/plans/) and commit them to git. * Sanitization: No sanitization or filtering of ingested project data is mentioned. Note: The risk is mitigated by the skill's operational design, which requires incremental human validation and step-by-step questioning.
Audit Metadata