brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill instructs the agent to read project context including files, documentation, and recent commits. While this involves data access, it is restricted to the local environment and intended for context gathering.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the local project files and git history, creating a potential attack surface. * Ingestion points: Project files, documentation, and git commits (SKILL.md). * Boundary markers: Absent; no instructions are provided to delimit or ignore embedded commands. * Capability inventory: Writing documentation to 'docs/plans/', performing git commits, and invoking the 'writing-plans' skill (SKILL.md). * Sanitization: Absent; external content is processed without explicit validation or escaping.
Audit Metadata