brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from the project environment and possesses the capability to modify the local filesystem.
- Ingestion points: Reads current project state, including files, documentation, and recent commit history (SKILL.md).
- Boundary markers: Absent; there are no instructions or delimiters defined to prevent the agent from obeying instructions embedded within the project files it reads.
- Capability inventory: Writing design documents to the filesystem (
docs/plans/), committing to git, and managing git worktrees. - Sanitization: Absent; the skill does not specify any validation, escaping, or filtering for the content ingested from the project files.
Audit Metadata