brainstorming

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a custom Node.js server script (scripts/server.cjs) through a wrapper bash script (scripts/start-server.sh) to manage interactive visual brainstorming sessions.
  • [DATA_EXFILTRATION]: The server implementation provides an option to bind to 0.0.0.0 (all interfaces), which may expose local session content (HTML mockups and diagrams) to other users on the local network. Although the server uses path.basename to mitigate directory traversal, network exposure remains a potential risk for session data.
  • [PROMPT_INJECTION]: The skill instructions require the agent to analyze the current project state, including files, documentation, and recent commits. This ingestion of untrusted external data creates a surface for indirect prompt injection, where malicious instructions embedded in project files could influence the brainstorming or planning process.
  • Ingestion points: Reads local project files, documentation, and git history as specified in the checklist (SKILL.md).
  • Boundary markers: None present; no instructions are provided to the agent to distinguish between its own logic and content found in analyzed files.
  • Capability inventory: The skill can execute shell commands (start/stop server), write files (design documents), and delegate to other implementation-focused skills.
  • Sanitization: No sanitization or validation of analyzed project content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 04:31 AM
Security Audit — agent-trust-hub — brainstorming