Skills
skills/notque/claude-code-toolkit/topic-brainstormer/Gen Agent Trust Hub

topic-brainstormer

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to retrieve technical context from the user's environment to fuel the brainstorming process.
  • Evidence: It executes git log --oneline -50 and history | grep -i error to find recent technical struggles and debugging sessions.
  • Context: These operations are restricted to local metadata retrieval and are consistent with the skill's stated purpose of 'problem mining' for content creation.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingest data from external files and command outputs.
  • Ingestion points: Files located in the content/ directory and the output of shell commands (git log, history) are read into the agent's context.
  • Boundary markers: The instructions do not specify explicit delimiters or 'ignore instructions' markers for the ingested text.
  • Capability inventory: The skill possesses Read, Write, and Bash capabilities, which could be abused if malicious instructions were embedded in the ingested content.
  • Sanitization: There is no evidence of sanitization or safety-filtering for the content read from the local environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 05:55 AM
Security Audit — agent-trust-hub — topic-brainstormer