ideate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a vulnerability surface by combining untrusted data ingestion with file write capabilities. 1. Ingestion points: Untrusted data enters the agent context through user input, files in the
design/directory, and web research results as defined in the Workflow section of SKILL.md. 2. Boundary markers: None are present. The skill does not define any delimiters to separate instructions from data when generating the output markdown file. 3. Capability inventory: The skill executes file system writes todesign/ideas/and network operations for web research. 4. Sanitization: None. There is no evidence of sanitization or validation of the external content before it is processed and written. - [Data Exposure] (LOW): The workflow involves recursive reading of the
design/directory, which could inadvertently expose sensitive information contained in design documents to the agent context.
Recommendations
- AI detected serious security threats
Audit Metadata