brainstorming
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill documentation and logic are focused on a legitimate brainstorming workflow and do not contain malicious instructions, obfuscation, or data exfiltration attempts.
- [COMMAND_EXECUTION]: The skill instructs the agent to run a shell command to ensure the .artifacts directory is excluded from Git tracking using grep and echo into .git/info/exclude in converge.md. This is a standard environment management task.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it integrates external data into its workflow. \n
- Ingestion points: User prompts and local codebase files referenced in discovery.md. \n
- Boundary markers: The skill lacks explicit separators or instructions to the model to ignore embedded commands within ingested data. \n
- Capability inventory: The agent can read from the codebase (discovery.md), execute shell commands (converge.md), and write markdown artifacts (converge.md). \n
- Sanitization: No validation or sanitization mechanisms are implemented for the ingested content.
Audit Metadata