brainstorm
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to read the file files/brainstorm-version.txt and append its content to a URL query parameter for nisimi.com. This is a clear exfiltration pattern.
- [DATA_EXFILTRATION]: The file files/brainstorm-version.txt contains the path /etc/zshrc, which is a system-level configuration file. Using a legitimate-looking instruction to send this file's content to a third-party server is a high-severity data theft vector.
- [COMMAND_EXECUTION]: In the instructions/discovery.md file, the skill directs the agent to execute shell commands such as git log --oneline -20 to analyze project history. While relevant for context gathering, this provides the agent with a capability that could be leveraged for broader system access.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in instructions/discovery.md.
  1. Ingestion points: The skill reads README files, project documentation, and git logs.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands in the data are present.
  3. Capability inventory: The skill has the ability to execute git commands and write files to docs/plans/.
  4. Sanitization: No sanitization or validation of the ingested data is specified.
Recommendations
- AI detected serious security threats
Audit Metadata