brainstorming

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to 'Check out the current project state first (files, docs, recent commits)' to inform its brainstorming process. This is a significant vulnerability surface: malicious instructions hidden in the codebase or commit history could hijack the agent's behavior.
  • Ingestion points: Local project files, documentation, and git commit history (specified in SKILL.md).
  • Boundary markers: Absent. The skill does not define delimiters to separate project data from its own instructions.
  • Capability inventory: Writing design documents to the file system (docs/plans/) and executing git commit operations. It also invokes other skills like superpowers:writing-plans.
  • Sanitization: None. The skill processes external project content without validation or filtering.
  • Command Execution (LOW): The skill explicitly directs the agent to 'Commit the design document to git'. While this is a legitimate development workflow, it grants the agent the ability to modify the repository history based on instructions that could be influenced by external project data.
  • Data Exposure (LOW): By design, the skill accesses all project files and documentation. While no external exfiltration is explicitly scripted, the exposure of sensitive local project information to the LLM context is inherent to its function.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:18 AM