brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface (Category 8).
  1. Ingestion points: user arguments ($ARGUMENTS), WebSearch, and docs-seeker tool outputs.
  2. Boundary markers: Uses tags for user input.
  3. Capability inventory: Database access (psql), network search, and agent orchestration.
  4. Sanitization: No evidence of sanitization for tool-provided content.
- COMMAND_EXECUTION (LOW): Uses the psql tool to inspect database schemas. This is a powerful capability that, while intended for architectural brainstorming, could be exploited to expose sensitive structural information if the agent's instructions are overridden via indirect injection.