brainstorming
Warn
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Node.js-based web and WebSocket server (`scripts/server.cjs`) via a helper Bash script (`scripts/start-server.sh`). This server is used to host a 'visual companion' in the browser. While it binds to localhost by default, documentation encourages binding to `0.0.0.0` in certain environments, which exposes the service to the local network.
- [DATA_EXFILTRATION]: There is a risk of project data exposure. The agent is instructed to write design details, mockups, and requirements into HTML files served by the aforementioned web server. If the agent inadvertently includes sensitive information (e.g., secrets or private configuration discovered during its 'context exploration' phase) in these files, that data becomes accessible via the web server's port.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. A core step of the brainstorming process involves reading files, documents, and recent commits from the current project to understand context. Malicious instructions placed in these project files could manipulate the agent's behavior during the brainstorming session, potentially leading it to skip safety gates or generate malicious implementation plans.
  - Ingestion points: `SKILL.md` instructs the agent to 'check files, documents, recent commits' as the first step of the process.
  - Boundary markers: No explicit instructions are provided to the agent to ignore or delimit instructions found within the project files being analyzed.
  - Capability inventory: The skill can execute shell scripts, start a background web server, write arbitrary files to the project directory and temporary session folders, and call the `writing-plans` skill to initiate implementation.
  - Sanitization: No sanitization or validation logic is defined for the content read from project files before it is processed or presented in the visual companion.
- [EXTERNAL_DOWNLOADS]: The `scripts/frame-template.html` file contains a hardcoded link to an external GitHub repository (github.com/obra/superpowers). This is a static reference and does not involve automated downloads or execution at runtime.