brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a project-local Python script (python3 ./.trellis/scripts/task.py) to initialize task structures within the working directory. This is an integral part of the workflow provided by the author mindfold-ai.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated processing of untrusted content.
  1. Ingestion points: Processes data from user messages and various repository files, including code, documentation, and configuration files.
  2. Boundary markers: No explicit delimiters are defined in the instructions to prevent the agent from following commands embedded in the ingested repository content.
  3. Capability inventory: The agent has the capability to execute shell commands (python3) and perform file-write operations to update prd.md.
  4. Sanitization: There is no mention of sanitizing or validating retrieved content before it is used to drive the brainstorming logic.
Audit Metadata