brainstorming
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded in external project data.
- Ingestion points: The process explicitly directs the agent to 'Check out the current project state first (files, docs, recent commits)' in SKILL.md.
- Boundary markers: There are no instructions to use delimiters or ignore instructions found within the project files being analyzed.
- Capability inventory: The skill possesses the capability to write files to the local filesystem (docs/plans/) and execute git commit commands to modify the repository state.
- Sanitization: No sanitization or verification of the external content is performed before it is used to influence the agent's reasoning or the generated design documents.
- Command Execution (MEDIUM): The skill instructs the agent to perform state-altering commands including git commit and references a high-privilege superpowers:using-git-worktrees skill. When combined with the processing of untrusted project files, this elevates the risk of the agent being tricked into performing unauthorized repository actions.
Recommendations
- AI detected serious security threats
Audit Metadata