brainstorming

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script located at ${CLAUDE_PLUGIN_ROOT}/scripts/init-writing-dir.sh to initialize the project directory structure. While this is an internal path, shell execution remains a significant capability.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its context exploration phase which ingests untrusted data.
  • Ingestion points: Step 1 of the checklist in SKILL.md instructs the agent to read project documentation, README files, CLAUDE.md, and historical archives from .writing/archive/*.md.
  • Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded within the files being read.
  • Capability inventory: The agent has the ability to execute a shell script, create/write files in the .writing/ directory, and trigger subsequent automation via the writing-plans and git-worktrees tools.
  • Sanitization: No sanitization or validation of the retrieved file content is performed before it is used to influence the design process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — brainstorming