brainstorming

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it is instructed to ingest data from external project files, documentation, and commit history. Malicious content within these sources could potentially influence the agent's reasoning or steer the design process toward vulnerable configurations.
    • Ingestion points: Specifically identifies 'files, docs, recent commits' as sources to understand the project state.
    • Boundary markers: Absent; there are no instructions provided to distinguish between the agent's core instructions and the data retrieved from project files.
    • Capability inventory: The skill's capabilities are limited to structured dialogue via the AskUserQuestion tool and invoking the oracle skill. It does not possess direct file-write or shell execution permissions.
    • Sanitization: No data validation or sanitization of project content is mentioned in the instructions.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 04:28 AM