brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool with curl to explore and test API endpoints during the technical design phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external websites and local files to inform its design proposals. 1. Ingestion points: Data enters via WebFetch, WebSearch, and Read operations on local project files. 2. Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish between data and instructions within the ingested content. 3. Capability inventory: The agent has access to Bash for command execution, Write for file modification, and network access tools. 4. Sanitization: The instructions do not specify any validation or sanitization requirements for the content retrieved from external or local sources.
Audit Metadata