brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface identified due to the ingestion of untrusted project data combined with file-system write capabilities.
  - Ingestion points: The skill is instructed to "Explore project context: inspect files, docs, and recent commits" as the first step of its checklist (SKILL.md).
  - Boundary markers: Absent. The skill lacks instructions to treat ingested file content as potentially untrusted or to use delimiters that would prevent embedded instructions from being interpreted as agent commands.
  - Capability inventory: The agent is capable of reading repository files and writing documentation to the local file system, including user-defined custom directories (SKILL.md).
  - Sanitization: Absent. There is no evidence of content validation or sanitization before the information retrieved from the project context is used to generate design proposals or write files.
Audit Metadata