brainstorm

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  • Ingestion points: Untrusted data enters the workflow via the initial project topic in Phase 1 and subsequent user responses to interactive questions in Phases 2 and 3.
  • Boundary markers: The workflow uses markdown headers to structure the guidance specification and role analyses, but it lacks dedicated markers or system instructions to wrap and isolate user-controlled strings from being interpreted as instructions by sub-agents.
  • Capability inventory: The skill has high-privilege capabilities, including tool access to Bash(*), Write(*), Edit(*), and the ability to orchestrate specialized Agent and Skill invocations.
  • Sanitization: There is no evidence of validation or sanitization of user-provided project topics or Q&A responses before they are interpolated into the context and prompts for specialized agents like the conceptual-planning-agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 10:11 AM