ce-brainstorm
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill includes a 'Share to Proof' feature that reads the content of a generated brainstorm document and transmits it to
https://www.proofeditor.ai/share/markdownvia an HTTP POST request. Because these documents are synthesized from repository research and user dialogue, they may contain sensitive internal project logic and architectural patterns. This transmission targets a domain not recognized as a trusted source. - [COMMAND_EXECUTION]: In Phase 4, the skill executes shell commands (
cat,jq,curl) to process and transmit data. This pattern involves interpolating file contents into command-line arguments, which is a sensitive capability that can be exploited if file contents are manipulated. - [EXTERNAL_DOWNLOADS]: The skill performs outbound network requests to
www.proofeditor.ai, which is an external domain not recognized as a trusted or well-known service in the security configuration. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8). It ingests untrusted data from repository research and user-provided descriptions, which are then processed and potentially transmitted via shell commands. Malicious instructions embedded in the repository or input could attempt to influence the data sharing process or document content.
Audit Metadata