flow-brainstorm
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructional language to enforce a specific design process and user-approval workflow. The patterns flagged by static analysis as concealment are benign behavioral pacing instructions designed to ensure the agent stops for user input at specific 'session gates' and 'handoff gates' before performing further operations.
- [COMMAND_EXECUTION]: There are no shell commands, subprocess calls, or script execution instructions within the skill.
- [DATA_EXFILTRATION]: The skill reads project files to understand context and writes markdown documentation to local directories. There are no network operations or patterns suggesting data exfiltration or sensitive credential access.
- [SAFE]: The skill accesses local files, documentation, and commit history to provide context for brainstorming (Category 8 surface). Ingestion points: Reads files and commits in step 1 of SKILL.md. Boundary markers: No explicit markers described. Capability inventory: Restricted to file reads and markdown file writes in SKILL.md. Sanitization: None mentioned. Since the skill has no code execution or network capabilities, this ingestion surface is considered safe.
Audit Metadata