brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it incorporates external, potentially untrusted data from the project repository into its reasoning process.
- Ingestion points: Reads existing project files, documentation, and recent git commit messages to establish project context (SKILL.md).
- Boundary markers: There are no defined delimiters or specific instructions to the agent to disregard embedded commands or instructions found within the analyzed project files.
- Capability inventory: The skill is empowered to create new documentation files in
docs/plans/and perform git commits to the repository. - Sanitization: The skill does not implement validation or sanitization of the content retrieved from the files and git history before processing it.
- [COMMAND_EXECUTION]: The skill utilizes git commands for version control operations such as committing design documents and managing worktrees.
- [DATA_EXPOSURE]: The skill accesses project-specific data, including file contents and development history. This behavior is essential for its primary function of context-aware brainstorming but involves reading the local filesystem.
Audit Metadata