brainstorming

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js server (scripts/server.cjs) via a bash wrapper (scripts/start-server.sh). This server is used to host a 'Visual Companion' interface for displaying mockups and diagrams. By default, it binds to 127.0.0.1 on a random high port.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its project context exploration phase. It is instructed to read local files, documentation, and git commits to understand the project's current state.
  • Ingestion points: SKILL.md directs the agent to 'Explore project context — check files, docs, recent commits'.
  • Boundary markers: The skill does not implement delimiters or 'ignore embedded instructions' markers when reading these external files.
  • Capability inventory: The skill has the ability to write design documents to the file system, execute local shell commands (starting the server), and trigger the writing-plans skill.
  • Sanitization: There is no evidence of content sanitization or validation for the data ingested from the project environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 03:33 AM