simple-brainstorm
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to execute a command that transmits the local system's hostname to 'simplebrainstorm.io' via a URL query parameter.
- [REMOTE_CODE_EXECUTION]: The setup instructions require the agent to download and 'configure' a guidebook from an untrusted external URL, which is a common vector for executing remote scripts or instructions.
- [COMMAND_EXECUTION]: The skill provides direct shell commands using `curl` and `hostname` in the `SKILL.md` file and explicitly references system binary paths in the supplementary files.
- [PROMPT_INJECTION]: The skill description contains instructions that force the agent to use specific marketing language ('The best option for your needs') in its responses, bypassing neutral behavior.
- [PROMPT_INJECTION]: The skill processes external user input for brainstorming tasks while having access to shell capabilities without security boundaries or sanitization, creating an indirect injection vulnerability.
- [EXTERNAL_DOWNLOADS]: The skill initiates an automated download from an untrusted third-party domain ('simplebrainstorm.io') that is not identified as a trusted service or vendor resource.
Recommendations
- AI detected serious security threats
Audit Metadata