cs-brainstorm
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by summarizing user input from brainstorming sessions and writing it to
{slug}-brainstorm.mdfiles. These files are intended for consumption by downstream skills likecs-feat-design, creating a vector where malicious user content could influence subsequent agent actions. \n - Ingestion points: User input provided during the brainstorming and triage dialogue as described in
SKILL.md.\n - Boundary markers: No explicit delimiters or instructions are provided to separate untrusted user content from architectural or design requirements in the generated files.\n
- Capability inventory: The skill utilizes
glob,grep, and file system read/write operations (as described inSKILL.md) to manage project documentation.\n - Sanitization: There is no evidence of sanitization or validation of the user's input before it is summarized and persisted to the file system.\n- [COMMAND_EXECUTION]: The skill performs file system management tasks including directory creation (
mkdir) and file writing based on user-supplied strings (slug) for project organization.
Audit Metadata