brainstorming

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (scripts/start-server.sh, scripts/stop-server.sh) and a Node.js script (scripts/server.cjs) to run a local web server for the 'Visual Companion' feature. This is part of the core functionality for providing a graphical interface to the user.
  • [DATA_EXFILTRATION]: A local web server captures user interaction events (clicks) and writes them to a local file (.events). The server also provides access to files within a specific session directory. While the server defaults to localhost, the documentation suggests it can be configured to bind to all interfaces, which would expose the session files (mockups) to the local network.
  • [PROMPT_INJECTION]: The skill employs a 'spec review loop' where a sub-agent reviews a design document generated from user-provided ideas. This architecture is susceptible to indirect prompt injection, as malicious instructions embedded in the initial user request could potentially influence the sub-agent's behavior during the review phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 12:51 PM