brainstorming
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (project files, documentation, and commit history) and uses this to drive its reasoning and output.
  * Ingestion points: Project files, documentation, and recent commits are read to understand context in SKILL.md.
  * Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded directives in the data it reads.
  * Capability inventory: The skill performs file writes (creating design documents in docs/plans/) and executes git commands (git commit). It also recommends transitioning to higher-privilege skills like using-git-worktrees.
  * Sanitization: There is no evidence of sanitization or validation of the ingested project data.
- [COMMAND_EXECUTION] (LOW): The skill routinely executes git commit as part of its documentation workflow. While standard for development, this is a side-effect-producing capability that could be subverted if the agent's reasoning is compromised via indirect injection.
Recommendations
- AI detected serious security threats
Audit Metadata