brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions. The skill operates within the local project scope using standard tools and requires explicit user approval before performing key actions.
- [COMMAND_EXECUTION]: The skill uses basic shell commands like
ls,mkdir, andgitfor legitimate project organization and version control, adhering to standard development workflows. - [PROMPT_INJECTION]: Evaluated for indirect prompt injection surface due to reading project files. The risk is minimal as the skill is designed for documentation and specification creation, and includes mandatory human-in-the-loop review gates.
- Ingestion points: Project source code,
specs/directory,brainstorm/directory, and.specify/memory/constitution.md. - Boundary markers: None explicitly defined for file reading operations.
- Capability inventory: Local file system access (
mkdir), version control (git add,git commit), and execution of specialized internal tools (/speckit.*). - Sanitization: None specified for data read from local project files.
Audit Metadata