brainstorming

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill is authorized to use the psql command to query database structures and existing data. This grants the agent broad read access to sensitive information within the environment.
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8).
      ◦ Ingestion points: The skill ingests untrusted external data through WebSearch, docs-seeker (reading external plugin/package documentation), and ai-multimodal (analyzing external visual materials).
      ◦ Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to isolate retrieved data from the agent's core logic.
      ◦ Capability inventory: The skill can execute database queries (psql), trigger slash commands (/plan:fast, /plan:hard), and persist data to the filesystem (plan.md).
      ◦ Sanitization: No sanitization or validation logic is defined for data retrieved from web searches or external documentation before it influences decision-making or output generation.
  • [DATA_EXFILTRATION] (MEDIUM): Although no explicit exfiltration destination is defined, the combination of database read access (psql) and outbound network capabilities (WebSearch) provides a functional pathway for sensitive data to be leaked if the agent is compromised via indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:53 AM