brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because its core functionality depends on ingesting untrusted data from markdown files.
- Ingestion points: As specified in
SKILL.md, the agent is instructed to 'Ask the user to upload/provide the latest version file' to continue projects and to reference other files in 'Connected Mode'. - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill's directives for processing these files.
- Capability inventory: The skill allows the agent to read and write markdown files within the user's workspace; it does not include executable code, network access, or system-level command execution.
- Sanitization: There are no instructions for validating or sanitizing the content of ingested files before they are processed as context by the LLM.
- [NO_CODE]: The skill is comprised entirely of markdown-based instructions, reference guides, and templates, with no executable scripts or binary files included.
Audit Metadata