cmd-brainstorm

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled data into a prompt for coordinating multiple agents.
      • Ingestion points: Untrusted data enters the agent context through the {{INPUT}} variable in SKILL.md.
      • Boundary markers: Absent; there are no delimiters (e.g., triple quotes, XML tags) or system instructions to ignore embedded commands within the user input.
      • Capability inventory: The skill coordinates parallel agents to generate and evaluate solutions, but it does not define or restrict the tools available to those agents, potentially allowing them to act on malicious instructions.
      • Sanitization: No validation, escaping, or filtering is performed on the user-supplied input before it is processed.

Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 27, 2026, 07:41 AM