brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill launches a local Node.js server using shell scripts (start-server.sh, stop-server.sh) to render and serve visual design elements in a browser.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests project files and documentation to understand the existing context, which could contain malicious instructions.
  - Ingestion points: Project files, documentation, and commit history are read from the file system during the initial exploration phase defined in SKILL.md.
  - Boundary markers: There are no explicit markers or delimiters used to separate project data from the agent's primary instructions.
  - Capability inventory: The skill can write files to the project directory, run a local web server, and trigger subagent reviews.
  - Sanitization: No validation or sanitization of the ingested project data is performed before processing.
Audit Metadata