workflows-brainstorm

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it directly interpolates untrusted user input into the agent's instructions and tool parameters.
  • Ingestion points: The $ARGUMENTS variable is used to define the feature_description, which is then passed to research tools and written to the file system.
  • Boundary markers: The skill uses XML-style <feature_description> tags to delimit user input, but it lacks instructions for the agent to ignore or sanitize potentially malicious commands embedded within that input.
  • Capability inventory: The skill has the capability to run repository research tasks (repo-research-analyst) and perform file system writes (writing brainstorming documents to the docs/brainstorms/ directory).
  • Sanitization: There is no evidence of input validation, filtering, or escaping of the user-provided description before it is utilized in the brainstorming workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 01:21 AM