Skills
skills/first-fluke/fullstack-starter/oma-brainstorm/Gen Agent Trust Hub

oma-brainstorm

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest user ideas and intent to guide its brainstorming process, which represents an indirect prompt injection attack surface.
  • Ingestion points: User-provided feature ideas and responses to clarifying questions in Phases 1 and 2 (SKILL.md).
  • Boundary markers: The skill does not specify markers or delimiters to isolate user-provided data from its core instructions.
  • Capability inventory: The skill has the capability to write approved design documents to the docs/plans/ directory (SKILL.md).
  • Sanitization: There are no instructions for validating or sanitizing user-provided content before it is incorporated into documentation.
  • [SAFE]: No other threats were identified. The skill does not perform network operations, use hardcoded credentials, or implement persistence mechanisms. All referenced shared resources and vendor execution protocols are consistent with the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 09:41 AM