brainstorming

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage the brainstorming workflow. This includes the global installation of the agent-browser package and subsequent CLI commands to open local HTML files and capture annotated screenshots.
  • [EXTERNAL_DOWNLOADS]: The documentation directs the agent to download and install an external dependency (agent-browser) from the public npm registry. This is part of the established workflow for generating visual mockups.
  • [DATA_EXPOSURE]: The agent is tasked with reading project context, including local source files, documentation, and git history. While intended for providing relevant design feedback, this grants the agent read access to potentially sensitive project data.
  • [PROMPT_INJECTION]: The skill operates on untrusted project data, creating a surface for indirect prompt injection.
      ◦ Ingestion points: The agent reads local files, docs, and commits in SKILL.md (Design Mode Step 1).
      ◦ Boundary markers: None explicitly defined in the instructions.
      ◦ Capability inventory: The agent can execute shell commands, write to the temporary filesystem, and use a headless browser tool as described in REFERENCE.md.
      ◦ Sanitization: No specific sanitization or filtering logic is provided for the ingested data.
    The risk is significantly mitigated by the 'Hard Gate' policy requiring human approval for all designs before implementation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 08:03 PM