nutmeg-brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads a local user profile file (`.nutmeg.user.md`) to tailor its suggestions. While this involves reading local data, it is limited to the user's specific preferences (language, libraries, experience level) and does not target sensitive system credentials or environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it fetches and processes content from external sources like Twitter/X, GitHub, and general web searches to provide design ideas.
  - Ingestion points: `WebSearch` and `WebFetch` tools are used in Phase 2 to research real-world examples and open implementations.
  - Boundary markers: The skill includes a dedicated 'Security' section in `SKILL.md` that explicitly instructs the agent to treat all external content as untrusted and not to execute code found in fetched content.
  - Capability inventory: The agent has access to `Bash`, `Write`, and `Agent` tools, which are powerful; however, the instructions emphasize using these for generating starter code for the user rather than autonomous execution.
  - Sanitization: The skill relies on instructional guardrails to prevent the execution of untrusted external content.
- [EXTERNAL_DOWNLOADS]: The skill is designed to search and link to external repositories and community examples (e.g., GitHub, Twitter) for inspiration. This is a core part of its brainstorming functionality and uses well-known services for reference.
Audit Metadata