workflow-brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill reads external project data which could contain malicious instructions meant to influence the agent's behavior. \n
- Ingestion points: README.md, docs/, package.json, Cargo.toml, pyproject.toml, and git log output. \n
- Boundary markers: None provided to distinguish between system instructions and file content. \n
- Capability inventory: The skill can write files to the local directory and executes a subprocess command (git log). \n
- Sanitization: No sanitization or validation of the ingested file content is performed. \n- [Command Execution] (LOW): The skill explicitly instructs the agent to execute
git log -n 10 --onelineto gather project history. While this is a common development task, it involves spawning a subprocess.
Audit Metadata