brainstorm-beagle
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to read and interpret data from potentially untrusted project files and history.
- Ingestion points: The workflow involves reading
.beagle/concepts/<slug>/brief.md, local documentation, project files, and git history to understand project context. - Capability inventory: The skill has the capability to write files to the
.beagledirectory and execute shell commands for git commits. - Boundary markers: There are no specific instructions or delimiters used to separate ingested project content from the agent's core instructions.
- Sanitization: The skill does not explicitly require sanitizing or validating the contents of the files it reads before processing them.
- Mitigation: The instructions include a 'hard gate' that explicitly forbids the agent from writing code or creating implementation plans, which limits the potential impact of an injection attack.
Audit Metadata