brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from user input ($ARGUMENTS) and codebase content (via Grep and Read) and interpolates it into the system prompts of dynamically spawned subagents.
  * Ingestion points: User-supplied topic strings and codebase search results.
  * Boundary markers: Absent; data is directly embedded in agent prompts.
  * Capability inventory: The skill can create tasks, write files, and execute shell commands.
  * Sanitization: No validation or sanitization is performed on external inputs before interpolation.
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the `!command` syntax) to execute local shell commands.
  * Evidence: Usage of `!date`, `!git config user.name`, and `!git branch` in SKILL.md and design document templates.
  * Context: These commands are used solely to populate metadata fields in generated documentation.
  * Risk: The commands are hardcoded to benign utility tools, posing no significant security risk in their current implementation.