brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from untrusted external sources like web searches, external documentation via the docs-seeker skill, and visual materials via the ai-multimodal skill. This content is summarized and passed as context to downstream commands without explicit sanitization or boundary markers, which could allow malicious instructions in external content to influence the agent. Findings based on evidence chain: (1) Ingestion points: WebSearch, docs-seeker, and ai-multimodal skills; (2) Boundary markers: Absent; (3) Capability inventory: Database access via psql and command execution via slash commands; (4) Sanitization: None identified.
- [COMMAND_EXECUTION]: The skill is configured to execute database queries using the psql command to inspect project structure and data. It also triggers slash commands (/plan:fast, /plan:hard) upon user confirmation, passing the accumulated brainstorm summary as an argument, which creates an automated execution path for potentially influenced data.