search-brain
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The search query provided in $ARGUMENTS is directly interpolated into the pattern parameters for the Grep and Glob tools. This creates a surface where a user could attempt to craft a query that manipulates the tool's intended behavior or parameters.
- [PROMPT_INJECTION]: The skill ingests untrusted content from the 'Brain/' directory, creating an indirect prompt injection vulnerability.
  - Ingestion points: The skill reads file names and content from the 'Brain/' directory using Grep, Glob, and Read tools.
  - Boundary markers: No delimiters or instructions are used to distinguish search results from agent instructions, which could lead the agent to follow directives embedded in notes.
  - Capability inventory: The skill utilizes tools for filesystem access, specifically Read, Grep, and Glob.
  - Sanitization: Note content is ranked and presented without any sanitization or validation to filter out potential malicious instructions.
Audit Metadata