brainstorming
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script located at
${CLAUDE_PLUGIN_ROOT}/scripts/init-writing-dir.shto initialize the project directory structure. While this is an internal path, shell execution remains a significant capability. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its context exploration phase which ingests untrusted data.
- Ingestion points: Step 1 of the checklist in
SKILL.mdinstructs the agent to read project documentation, README files,CLAUDE.md, and historical archives from.writing/archive/*.md. - Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded within the files being read.
- Capability inventory: The agent has the ability to execute a shell script, create/write files in the
.writing/directory, and trigger subsequent automation via thewriting-plansandgit-worktreestools. - Sanitization: No sanitization or validation of the retrieved file content is performed before it is used to influence the design process.
Audit Metadata