brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands in scripts/create-design-doc.md and SKILL.md to retrieve project metadata. These include date for timestamps and git commands (git config, git branch, git log, git rev-parse) to identify the author and current repository state. These are benign utility operations used to populate design templates and do not present a security risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its project context discovery phase. In SKILL.md and references/phase-workflow.md, the agent is instructed to scan the codebase using Grep, Glob, and Read to determine the project tier. Maliciously crafted content within the analyzed repository (e.g., instructions hidden in a README.md or source comments) could potentially influence the agent's behavior during the brainstorming process. This is documented as a vulnerability surface inherent to codebase-aware agents.
- [PROMPT_INJECTION]: The skill instructions in SKILL.md and references/phase-workflow.md use strong steering language (e.g., 'CRITICAL', 'MANDATORY', 'DIVERGENT MODE') to manage the agent's behavior and sub-agent tasking. These instructions are focused on ensuring a thorough brainstorming process and do not attempt to bypass safety guidelines or override system prompts.
Audit Metadata