brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted data from the local project environment.
- Ingestion points: The skill explicitly reads the "current project state (files, docs, recent commits)" as part of its initialization (SKILL.md).
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent to ignore potential instructions embedded within the files or commit messages it reads.
- Capability inventory: The skill has the capability to write new design documents to the file system (
docs/plans/), perform git commits, and invoke other powerful skills such asgit-worktreesandwriting-plans. - Sanitization: Absent. There is no mention of filtering, escaping, or validating the content retrieved from the project context before it is used to influence the agent's brainstorming and design output.
- [Data Exposure & Exfiltration] (SAFE): No evidence of hardcoded credentials, sensitive system file access (e.g., SSH keys), or network exfiltration patterns was detected.
- [Remote Code Execution] (SAFE): The skill does not download or execute remote scripts and does not install any external packages at runtime.
Audit Metadata