brainstorm
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The
scripts/create-design-doc.mdtemplate utilizes shell interpolation (using the!syntax) to extract local environment metadata such asdate,git config user.name, and recentgit logentries. These commands are executed locally to populate design documentation and do not process unsanitized user arguments. - [DYNAMIC_EXECUTION]: The skill configuration in
SKILL.mdincludesPreToolUsehooks that invoke internal scripts via the platform'srun-hook.mjswrapper. This is a standard mechanism for loading project-specific instructions and prior decision history into the agent's context. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill makes use of the
PushNotificationtool to provide status updates for long-running brainstorming tasks. This is a legitimate application of the platform's notification capabilities and does not involve exfiltrating sensitive data to third-party endpoints.
Audit Metadata