brainstorming

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated context discovery process where it reads external codebase files to classify projects.
      • Ingestion points: Grep and Glob calls in SKILL.md and phase-workflow.md that scan README and markdown files for tier classification signals.
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands when processing these files.
      • Capability inventory: The skill can spawn sub-agents (Task), create/update tasks, and execute shell commands via templates.
      • Sanitization: No evidence of sanitization or filtering of the content retrieved from the codebase before it is interpolated into classification logic or sub-agent prompts.
  • [COMMAND_EXECUTION]: The skill contains scripts (e.g., create-design-doc.md) that utilize shell execution markers to retrieve local environment information.
      • Evidence: Use of commands such as git config user.name, git log --oneline, and git branch --show-current to auto-fill design document templates. While these are restricted to metadata retrieval, they constitute direct command execution capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:08 PM