nutmeg-brainstorm

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill includes a dedicated security section instructing the agent to treat all external content (such as web search results) as untrusted and to never execute code found in fetched content.
  • [SAFE]: Use of tools like WebSearch and Bash is aligned with the skill's purpose of researching visualization techniques and generating starter code for the user.
  • [SAFE]: No evidence of malicious prompt injection, obfuscation, or data exfiltration was detected in the skill instructions or reference documents.
  • [SAFE]: The skill ingests untrusted data from the web (Indirect Prompt Injection surface).
      • Ingestion points: WebSearch and WebFetch tools in SKILL.md.
      • Boundary markers: No explicit delimiters are defined for data prompts.
      • Capability inventory: Bash, Write, WebSearch, and WebFetch tools across all scripts.
      • Sanitization: The agent is explicitly instructed to validate data shapes and ignore any instructions found in external content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 08:52 PM