brainstorming
Audited by Gen Agent Trust Hub on Feb 12, 2026
The SKILL.md file is purely instructional markdown and does not contain any executable code or scripts within itself. This is a positive indicator, as the skill's own content is not directly malicious.
However, the skill instructs the AI agent to perform actions that involve command execution and relies on other skills:
- Unverifiable Dependencies (MEDIUM): The skill explicitly references other skills such as elements-of-style:writing-clearly-and-concisely, superpowers:using-git-worktrees, and superpowers:writing-plans. The content and behavior of these referenced skills are not provided for analysis. This means the full security implications of this skill cannot be assessed without auditing these dependencies. If any of these referenced skills contain vulnerabilities or malicious code, they could be exploited when invoked by this brainstorming skill.
- Command Execution (Indirect Risk): The skill instructs the agent to perform actions like 'Commit the design document to git' and 'Use superpowers:using-git-worktrees'. These instructions imply the agent will execute underlying commands (e.g., git commit) via the referenced superpowers skills. While the instructions themselves are benign, the execution mechanism involves invoking external tools/skills. The risk is that if the referenced superpowers skills are compromised or designed maliciously, they could lead to arbitrary command execution.
- Indirect Prompt Injection (INFO): The skill is designed to process external content, specifically by instructing the agent to 'Check out the current project state first (files, docs, recent commits)' and engage in 'natural collaborative dialogue' with user input. If these external inputs (project files, user prompts) contain malicious instructions, the agent could be susceptible to indirect prompt injection, potentially leading to unintended or harmful actions.
No direct prompt injection patterns, data exfiltration attempts, obfuscation, privilege escalation, persistence mechanisms, metadata poisoning, or time-delayed/conditional attacks were detected within the SKILL.md file itself.