brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest untrusted data by exploring project context through files and commit history. This presents a surface for indirect prompt injection if an attacker-controlled file contains malicious instructions.
  - Evidence: The checklist in `SKILL.md` instructs the agent to 'Explore project context — check files, docs, recent commits'.
  - Boundary Markers: The skill implements a `<HARD-GATE>` that explicitly forbids implementation actions until a design is presented and human approval is received.
  - Capability Inventory: The skill has the capability to read local files, write a design document to `docs/plans/`, and commit changes to git.
  - Sanitization: No explicit sanitization or escaping of file content is defined; however, the requirement for incremental user validation significantly mitigates the risk of accidental obedience to embedded instructions.
- [Data Exposure] (SAFE): The skill accesses local project files to understand intent. While this involves reading potentially sensitive project data, no network operations or external exfiltration patterns were detected. All activities (writing docs, committing) are restricted to the local repository.
Audit Metadata