brainstorming
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection by processing untrusted data with privileged output capabilities.
  * Ingestion points: Reads project files, documentation, and git history.
  * Boundary markers: None present; no instructions to the agent to disregard instructions within ingested files.
  * Capability inventory: File system write access (to docs/plans/) and git commit execution.
  * Sanitization: No validation or escaping of external content before processing.
- [Command Execution] (LOW): Uses git commit and suggests git worktree operations, which are standard developer tasks but involve repository modification.
Recommendations
- AI detected serious security threats
Audit Metadata