Gen Agent Trust Hub audit: skills/cruldra/skills/brainstorming

brainstorming

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill launches a local Node.js companion server that hosts a 'Brainstorm Companion' web interface.
    * Evidence: The 'start-server.sh' script executes 'node server.js', which serves an interactive WebSocket-based UI for the brainstorming session.
    * Security Controls: The server binds to '127.0.0.1' by default, so it is reachable only from the local machine (other local users and processes can still connect to it). File requests are reduced to a bare file name with 'path.basename', which discards any directory components such as '../', so a request cannot name a file outside the served directory.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it reads external data from the project repository and passes it to the agent.
    * Ingestion points: 'SKILL.md' instructs the agent to 'explore project context' by reading files, documentation, and recent commits; any of these can contain text written by a third party.
    * Boundary markers: No delimiters or instructions are given to the agent to distinguish ingested project content from the skill's own rules.
    * Capability inventory: The skill can write files to 'docs/specs/', execute local scripts and servers, and invoke the 'writing-plans' skill; this is the capability set an injected instruction could reach.
    * Sanitization: There is no evidence of input validation or sanitization of the ingested project files.
  • [SAFE]: The server implementation uses no third-party libraries, and a lifecycle check shuts the server down automatically if the parent process terminates or after an idle period, so it does not linger once the session ends.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:36 PM