brainstorming
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted sources in the local environment to establish project context.
- Ingestion points: The process flow includes a step to explore project context by reading existing files, documentation, and recent commit messages in SKILL.md.
- Boundary markers: There are no instructions to use specific delimiters or to disregard instructions contained within the analyzed files.
- Capability inventory: The skill has the ability to write files to the local disk (design documents) and perform git commits.
- Sanitization: The skill does not implement sanitization or validation of the content read from external files before it is processed by the agent.
Audit Metadata