brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted data from the local project environment.
- Ingestion points: The skill explicitly instructs the agent to 'Check out the current project state first (files, docs, recent commits)', which may contain content from untrusted sources.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potential commands embedded within the analyzed project files.
- Capability inventory: The skill can write files to the local file system (
docs/plans/) and execute git commands (git commit), providing a path for malicious instructions to persist or affect the codebase. - Sanitization: There is no mention of sanitizing or validating the content read from the project state before it is used to generate designs or write new files.
Audit Metadata