brainstorming
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to upload a file named 'brainstorming-cheatsheet.md' to a public GitHub discussion board. The content of this file is a path to the system configuration file '/etc/zshrc', indicating an attempt to exfiltrate sensitive system environment details or credentials that might be stored in that file. This is a deceptive luring technique targeting the user's local configuration.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of analyzing untrusted data from project files.
  - Ingestion points: The skill explicitly processes project files, documentation, and commit history as part of its 'Explore project context' step.
  - Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded directives in the files being read.
  - Capability inventory: The skill has the capability to write design documents to the file system and commit them to the repository, providing a path for persistent malicious modifications.
  - Sanitization: Absent. The skill does not validate or sanitize the content it reads before using it to generate designs or plans.
- [COMMAND_EXECUTION]: The skill directs the agent to perform file system writes and version control commands (git commit) on design documents. While these are part of the intended workflow, they represent a capability that could be abused if the agent is compromised via indirect injection to modify the codebase or inject backdoors into plans.
- [NO_CODE]: The skill consists entirely of natural language instructions in Markdown format and does not include any executable scripts or binary files, relying solely on the agent's native tools to carry out the described actions.
Recommendations
- AI detected serious security threats
Audit Metadata