brainstorm

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The scripts/create-design-doc.md template utilizes shell interpolation (using the ! syntax) to extract local environment metadata such as date, git config user.name, and recent git log entries. These commands are executed locally to populate design documentation and do not process unsanitized user arguments.
  • [DYNAMIC_EXECUTION]: The skill configuration in SKILL.md includes PreToolUse hooks that invoke internal scripts via the platform's run-hook.mjs wrapper. This is a standard mechanism for loading project-specific instructions and prior decision history into the agent's context.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill makes use of the PushNotification tool to provide status updates for long-running brainstorming tasks. This is a legitimate application of the platform's notification capabilities and does not involve exfiltrating sensitive data to third-party endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:18 PM
Security Audit — agent-trust-hub — brainstorm