brainstorm
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection through unvalidated user input.
- Ingestion points: User input in the interactive Phase 1 is captured and summarized.
- Boundary markers: No delimiters or safety instructions are used when interpolating this summary into subagent prompts or file content.
- Capability inventory: The skill can create files in various system directories and trigger the /kickoff workflow using a subagent.
- Sanitization: No filtering of user-provided content is performed before use in privileged operations.
Recommendations
- AI detected serious security threats
Audit Metadata