my-brain-is-full-crew
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation process involves cloning a repository (github.com/gnekt/My-Brain-Is-Full-Crew.git) and executing a local bash script (scripts/launchme.sh). This script downloads and installs executable logic into the agent's environment without verification.
- [EXTERNAL_DOWNLOADS]: Fetches multiple agent configurations and scripts from a non-trusted GitHub repository.
- [COMMAND_EXECUTION]: Requires the user to execute shell commands to set up the environment and run the installer script, which can perform arbitrary actions on the host system.
- [DATA_EXFILTRATION]: Includes a 'Postman' agent that integrates with Gmail and Google Calendar to summarize emails and schedules, granting the system access to sensitive personal information.
- [PROMPT_INJECTION]: The skill architecture creates an attack surface for indirect prompt injection:
  1. Ingestion points: Processes messy text in 00-Inbox, meeting transcripts, and incoming data from Gmail and Google Calendar.
  2. Boundary markers: No specific delimiters or safety instructions are defined to isolate untrusted data.
  3. Capability inventory: The agents possess file system access and can perform operations based on processed content.
  4. Sanitization: No validation or sanitization of the external data is documented.
Recommendations
- AI detected serious security threats
Audit Metadata