deep-brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted user data and conversation context.
- Ingestion points: User input for idea capture and full conversation history via 'context: fork' (referenced in SKILL.md).
- Boundary markers: Absent; there are no instructions to the agent to delimit or ignore instructions embedded within the user's provided idea or reference materials.
- Capability inventory: File read/write operations within the 'docs/brainstorms/deep/' directory and the ability to spawn 'web-search-researcher' subagents.
- Sanitization: None; the skill does not validate or sanitize the content of the ideas or materials provided by the user.
- [COMMAND_EXECUTION]: The skill performs frequent filesystem operations to manage the 'mindmap-on-disk' structure.
- Evidence: The skill creates and updates directories and files (YAML, Markdown) under 'docs/brainstorms/deep/' to persist state across sessions, as detailed in 'references/mindmap-schema.md'.
Audit Metadata