brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill automates task lifecycle management by executing local Python scripts located in the .trellis/scripts directory. These commands are used to maintain consistency between the agent's work and the project's internal state.
- [DATA_EXFILTRATION]: Includes an optional step to synchronize task metadata with the Linear project management platform. This is a legitimate integration with a well-known service intended for developer productivity.
- [SAFE]: The skill exposes a surface for indirect prompt injection because it processes user task descriptions to generate PRD documents.
  - Ingestion point: User-provided task descriptions.
  - Boundary markers: None.
  - Capability inventory: Local file writing and script execution via task.py.
  - Sanitization: Not explicitly documented.
Audit Metadata