brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and process potentially untrusted data from the local environment which could be used to manipulate the agent.
- Ingestion points: The skill reads 'current project state first (files, docs, recent commits)' to understand context before brainstorming.
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to the agent to disregard instructions found within the project files or commit messages.
- Capability inventory: The skill has the ability to write files to the local filesystem (
docs/plans/), commit changes to git, and call high-capability skills likesuperpowers:using-git-worktrees. - Sanitization: Absent. There is no mention of filtering or validating the content read from the project state before it is used to influence the design process.
Audit Metadata