brainstorming
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a process-oriented set of instructions for design workflows. It does not perform network operations, execute remote code, or access sensitive credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill explores project context by reading local files, documentation, and recent git commits. This is a common surface for indirect prompt injection if those files contain malicious instructions; however, the skill's rigid process flow and lack of direct execution capabilities minimize the impact. The severity is low as this is standard functionality for development-focused agents.
- [COMMAND_EXECUTION]: The skill involves committing design documentation to a git repository and writing files to the local directory docs/plans/. These are expected actions for a documentation-focused skill and do not pose a security risk in this context.
Audit Metadata