brainstorming
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the local environment, creating a surface for indirect prompt injection.
- Ingestion points: The agent is instructed to explore project context by checking files, docs, and recent commits (SKILL.md).
- Boundary markers: Absent; there are no instructions to ignore or delimit instructions found within the ingested data.
- Capability inventory: The skill performs file writes to create design documents and executes git commits (SKILL.md).
- Sanitization: Absent; the skill does not define methods for sanitizing or escaping the content read from the project environment.
Audit Metadata