brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection because it reads and processes external specification and memory files to inform its behavior. Adversarial instructions hidden in these project files could manipulate the agent's output or tool usage during the brainstorming session.
  - Ingestion points: The skill reads SPEC.md, spec.md, plan.md, and .claude/cc10x/activeContext.md.
  - Boundary markers: There are no explicit delimiters or system instructions provided to ensure that content from these files is treated strictly as data rather than instructions.
  - Capability inventory: The skill is permitted to use Bash, Write, and Edit tools, which could be misused if an injection is successful.
  - Sanitization: The skill does not perform any validation or sanitization on the external content before processing it.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute git log and ls for project context gathering. While the specific commands called in the skill are benign, the inclusion of a general-purpose shell tool expands the attack surface if the agent's instructions are compromised via indirect injection.
Audit Metadata