brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to the way it handles user input in brainstorming prompts.\n
- Ingestion points:
SKILL.mduses numerous placeholders (e.g., [topic], [your goal], [problem], [idea 1]) to insert untrusted data into instructions for the Gemini model.\n - Boundary markers: Absent. No delimiters or system-level instructions are used to distinguish user data from the core brainstorming rules.\n
- Capability inventory: The skill uses the
geminiCLI to perform network-based AI operations.\n - Sanitization: Absent. User input is processed as raw text within command-line strings.\n- EXTERNAL_DOWNLOADS (SAFE): The skill requires the installation of the
google-generativeaipackage.\n - Evidence:
pip install google-generativeaiinSKILL.md.\n - Trusted Source: The package is maintained by Google, which is a trusted organization. Per [TRUST-SCOPE-RULE], this finding is considered safe.\n- COMMAND_EXECUTION (SAFE): The skill executes shell commands to interact with the Gemini CLI.\n
- Evidence: Multiple code blocks in
SKILL.mdusing thegeminicommand.\n - Context: This is the intended primary behavior of the skill and uses a trusted tool to perform legitimate brainstorming tasks.
Audit Metadata