brainstorming-with-explorer-challenger-teams
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to the way it processes external project data.
  - Ingestion points: The skill reads README, roadmap, backlog, planning files, changelogs, and open issues from the local repository in Step 1.
  - Boundary markers: The explorer and challenger prompt templates use simple Markdown headers (e.g., `## Project Context`) to delimit external content, which provides weak isolation against adversarial instructions embedded in the project files.
  - Capability inventory: The spawned sub-agents have the ability to explore the codebase, write files to the project directory, and communicate with each other.
  - Sanitization: There is no explicit sanitization or escaping of the ingested text; the skill relies on the LLM to 'condense' the context, which is itself a process susceptible to injection.
Audit Metadata