brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from the local project environment which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: The process requires checking the 'current project state (files, docs, recent commits)' to understand context (SKILL.md).
- Boundary markers: No delimiters or isolation instructions are present to distinguish between project data and the agent's operational instructions.
- Capability inventory: The skill is capable of writing files to the 'docs/plans/' directory, committing changes via git, and invoking other functional skills like 'superpowers:using-git-worktrees'.
- Sanitization: There is no evidence of content validation or sanitization for the project data read by the skill.
Audit Metadata