workflows-brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill interpolates user-provided input from '#$ARGUMENTS' directly into the prompt context within '<feature_description>' tags. A malicious user could attempt to include instructions to bypass the brainstorming phases or manipulate the generated documentation, although the impact is mitigated by the skill's specific focus on exploration rather than execution.
- Indirect Prompt Injection (LOW):
  - Ingestion points: The '#$ARGUMENTS' placeholder in 'SKILL.md' acts as a direct entry point for untrusted user data.
  - Boundary markers: The input is encapsulated within '<feature_description>' tags, which provides some structural delimitation for the LLM.
  - Capability inventory: The skill possesses the ability to perform repository research (read-only) and write markdown files to the 'docs/brainstorms/' directory.
  - Sanitization: No explicit sanitization or instructions to ignore nested commands within the user input are provided.
- Command Execution (SAFE): The skill explicitly mandates 'NEVER CODE!' and limits the agent to dialogue and documentation tasks. No shell execution or arbitrary command patterns were detected.
- Data Exposure (SAFE): While the skill reads repository patterns, it does not access sensitive credential files or perform network operations to external domains.
Audit Metadata