brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface where it ingests untrusted data from the local project environment.
- Ingestion points: The skill explicitly reads current project files, documentation, and recent git commits to establish project context (found in SKILL.md).
- Boundary markers: There are no specific delimiters or instructions to ignore or isolate embedded instructions within the data read from the project files.
- Capability inventory: The skill has the capability to write new design documents to the filesystem (
docs/plans/), perform git commits, and create git worktrees. - Sanitization: The skill lacks explicit sanitization or validation of the project content before it is processed by the agent, which could allow malicious instructions inside project files to influence agent behavior.
- [Command Execution] (SAFE): The skill utilizes git commands (commit, worktrees) and file system writes. These operations are consistent with the primary purpose of a developer-focused brainstorming and documentation tool and do not involve arbitrary command execution or shell injection.
Audit Metadata