ce-ideate
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill accepts user-provided input through the
$ARGUMENTSvariable, which is mapped to a{focus_hint}. This hint is directly interpolated into prompts for internal sub-agents in Phase 1 (Quick context scan) and Phase 2 (Divergent Ideation). If the input contains adversarial instructions, it could potentially manipulate the sub-agents' output or behavior. - Ingestion points: The
#$ARGUMENTSvalue inSKILL.mdis the entry point for untrusted data. - Boundary markers: While the skill uses
<focus_hint>tags internally, the interpolation into sub-agent instructions (Focus hint: {focus_hint}) lacks explicit delimiters or instructions to ignore embedded commands. - Capability inventory: The skill possesses the ability to perform file searches (
Glob), read documentation, write ideation artifacts to thedocs/ideation/directory, and invoke specialized research sub-agents. - Sanitization: No evidence of sanitization, validation, or escaping of the user-provided arguments was found before they are passed to downstream processes.
Audit Metadata