ideation
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing untrusted data to generate structured artifacts.
- Ingestion points: Phase 1 (Intake) in `SKILL.md` accepts unorganized user input, including voice transcripts and scattered thoughts, which are then used to drive the generation of all subsequent documents.
- Boundary markers: No explicit delimiters or system instructions are used to separate the user-provided 'brain dump' from the agent's internal logic, increasing the risk that the agent may follow instructions embedded within the user data.
- Capability inventory: The skill creates and writes to files in the `./docs/ideation/` directory and generates technical specifications (`references/spec-template.md`) that include shell commands such as `pnpm build` and `pnpm test`.
- Sanitization: The skill lacks validation or sanitization steps to ensure that instructions hidden within the user's input do not manipulate the content of the generated PRDs or implementation specs.
Audit Metadata