comet-design
Warn
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically searches for and sources a shell script (`comet-env.sh`) from various locations, including hidden directories in the user's home folder. Sourcing a script from a computed path (`. "$COMET_ENV"`) allows for the execution of arbitrary code if a file with that name is present in any of the searched locations.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands and scripts (`$COMET_STATE`, `$COMET_HANDOFF`, `$COMET_GUARD`) to manage its workflow and phase transitions.
- [DATA_EXFILTRATION]: The skill's search pattern includes sensitive directories such as `$HOME/.config` and `$HOME/.gemini`, which potentially exposes configuration data and agent interaction history to the search process.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection via the processing of untrusted project artifacts.
  - Ingestion points: Reads data from `proposal.md`, `design.md`, `tasks.md`, and `specs/*/spec.md` in file `SKILL.md`.
  - Boundary markers: No delimiters or instructions are provided to the brainstorming tool to ignore embedded instructions in these files.
  - Capability inventory: The skill can execute shell commands and modify local files.
  - Sanitization: No input validation or sanitization is performed on the ingested content.
Audit Metadata