brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates entirely within a local environment, reading project metadata and writing markdown artifacts without performing network operations or accessing sensitive system files like credentials or SSH keys.
- [SAFE]: A specific <HARD-GATE> directive is implemented to strictly prohibit the generation of code or the creation of implementation files outside the designated artifact folder during the brainstorming process.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from the local codebase and artifact files.
  - Ingestion points: Step 1 and Step 2 involve reading goal-definition.md, context-map.md, and scanning the broader codebase for existing patterns and libraries.
  - Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions for the data being read from the codebase.
  - Capability inventory: The skill is limited to reading files, writing markdown documentation to a specific artifact directory, and interacting with the user. It lacks dangerous capabilities such as shell execution, subprocess spawning, or external network requests.
  - Sanitization: No sanitization or escaping of the ingested codebase content is performed before the agent processes it for brainstorming.
Audit Metadata