brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and processing untrusted data.
- Ingestion points: Data enters the agent's context through tools like
hyperpowers:codebase-investigator(reading files),hyperpowers:internet-researcher(fetching web content), and user-provided answers via theAskUserQuestiontool. - Boundary markers: While the skill organizes data into structured sections like 'Research Findings' and 'Design Discovery' in the generated epic, it lacks explicit delimiters or instructions to treat external data as untrusted or to ignore embedded control instructions.
- Capability inventory: The skill possesses the capability to execute commands through the
bdCLI tool (to create epics and tasks) and to trigger downstream execution by handing off tasks to thehyperpowers:executing-plansskill. - Sanitization: There is no documented mechanism for sanitizing or validating content retrieved from external sources before it is interpolated into commands or design documents.
Audit Metadata