brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill instructions or associated files.
- [COMMAND_EXECUTION]: The skill utilizes platform-provided tools such as @codebase-review-agent and @create-branch for their intended purposes within the brainstorming workflow. These operations are restricted to workspace analysis and branch management.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exposure or external exfiltration was identified. Operations are restricted to the local environment and user interaction via the platform's questioning tool.
- [PROMPT_INJECTION]: The skill processes external codebase data and user-provided arguments, creating an indirect injection surface. However, the risk is assessed as safe due to the design-focused nature of the skill and the use of explicit structural delimiters for input.
- Ingestion points: User input via $ARGUMENTS and codebase content via @codebase-review-agent.
- Boundary markers: The skill uses XML-style tags to encapsulate user input.
- Capability inventory: Operations include writing design documents to the docs/brainstorm/ directory and managing branches via @create-branch.
- Sanitization: No explicit sanitization or filtering of external content is performed.
Audit Metadata