brainstorm-prompt-optimizer
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill functions by ingesting untrusted user input (raw ideas) and interpolating them into a structured markdown template intended for downstream AI processes.
- Ingestion points: Phase 2 parses the raw user idea for core actions and domains.
- Boundary markers: The final output is encapsulated within fenced code blocks using a specific `optimized-prompt` label to separate it from other text.
- Capability inventory: The skill uses the `Read` and `Bash` tools solely to identify the project's tech stack and existing documentation (e.g., `package.json`, `CLAUDE.md`).
- Sanitization: No programmatic sanitization is performed on the input idea; however, the output template explicitly includes security-focused sections like 'Negative Requirements' to ensure downstream generated specs address security constraints (e.g., preventing SQL injection or plain-text password storage).
Audit Metadata