easy-brainstorming

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill uses imperative, high-priority language ("IMPORTANT, FIRST AND FOREMOST YOU MUST RUN THIS") to override standard agent behavior and force the immediate execution of a bash script before the brainstorming task begins.
  • [COMMAND_EXECUTION]: The skill contains a shell script that performs several operations:
      • It captures the output of a command into an environment variable using backticks (export SKILLS=`npx ...`).
      • It executes conditional logic based on the presence of specific strings in that output.
      • It uses npx to perform global installations (-g) and updates of other software components.
  • [EXTERNAL_DOWNLOADS]: The script uses npx to fetch and install the roin-orca/skills package from the npm registry. While this resource belongs to the skill's author, it represents an external code dependency that is downloaded and executed at runtime.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 5, 2026, 09:12 AM