brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its requirement to ingest external, untrusted data during the initial project exploration phase.
- Ingestion points: In SKILL.md, the 'Checklist' and 'Process Flow' instruct the agent to 'Explore project context' by reading local files, documentation, and recent git commits. If these files contain malicious instructions, they could influence the agent's behavior.
- Boundary markers: The skill does not provide any specific delimiters or instructions to the agent to treat information gathered from project files as data rather than instructions, nor does it warn to ignore embedded commands within those files.
- Capability inventory: The skill allows the agent to write new files to the local disk (
docs/drafts/) and execute git commit commands, providing a path for potentially malicious instructions to persist or propagate changes. - Sanitization: There is no evidence of content validation, escaping, or filtering for the data retrieved from the project context before it is incorporated into the agent's reasoning process.
Audit Metadata