brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill reads local project context (files, docs, commits) to inform the brainstorming process. It writes resulting designs to the local
.specs/plans/directory. No network exfiltration or unauthorized data access was detected. - [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not download external packages or execute remote scripts. It references other internal agent skills (docs:write-concisely, git:create-worktree, sdd:add-task) for standard development workflows.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the existing project files and user-provided topics.
- Ingestion points: User input via 'argument-hint' and automated reading of project files/docs.
- Boundary markers: None present; the skill treats project data as context without explicit delimiters.
- Capability inventory: File system writes (
.specs/plans/), git commits, and worktree creation. - Sanitization: No explicit sanitization or validation of the input data is performed. While this represents a theoretical injection surface, it is consistent with the primary purpose of a development assistant and poses low risk in this context.
- [Command Execution] (SAFE): Uses standard git commands for version control and workspace management, which are appropriate for its stated purpose.
Audit Metadata