brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's context-gathering phase introduces a surface for indirect prompt injection by reading untrusted data from the local environment.
- Ingestion points: Project files, documentation, and git history (SKILL.md).
- Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands within the ingested context.
- Capability inventory: The agent can write files to disk and execute git commands (SKILL.md).
- Sanitization: No sanitization or validation of the input data is specified before processing.
Audit Metadata