brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from the project's files and commit history.
- Ingestion points: The skill instructions in SKILL.md direct the agent to check files, docs, and recent commits to understand the project context.
- Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the files or commit messages being read.
- Capability inventory: The skill includes the capability to write design documents to the file system, commit changes to git, and invoke other functional skills for environment setup and implementation planning.
- Sanitization: The skill does not specify any sanitization, validation, or filtering of the content retrieved from the project context before it is used to influence the design process.
Audit Metadata