brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the local environment to drive its decision-making process.
  - Ingestion points: The skill explicitly instructs the agent to 'Explore project context — check files, docs, recent commits' in SKILL.md.
  - Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore instructions that might be embedded within those project files or commit messages.
  - Capability inventory: The skill has the capability to write design documents to the file system (docs/plans/), commit those files to git, and invoke the writing-plans skill to continue the implementation pipeline.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from the project context before it is used to generate design recommendations.
Audit Metadata