brain-expert
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The skill includes instructions for the 'brain cron install' command, which modifies the system's crontab to establish a persistent background synchronization task. Granting an agent the ability to create persistent tasks is a high-privilege operation.
- Indirect Prompt Injection (LOW): The agent is tasked with searching and displaying content from user-controlled Markdown files. Maliciously crafted notes could contain instructions aimed at manipulating the agent's behavior.
  - Ingestion points: The 'brain search' and 'brain show' commands read content from the local knowledge base.
  - Boundary markers: The skill does not provide delimiters or instructions for the agent to ignore potential commands within the notes.
  - Capability inventory: The agent has the ability to delete files ('brain rm'), modify files ('brain add'), and install background tasks ('brain cron').
  - Sanitization: There is no mention of content sanitization or validation for the Markdown files processed.
- Command Execution (LOW): The skill provides a comprehensive interface to the 'brain' CLI, allowing the agent to perform extensive file system operations, including creating, listing, and deleting files within the knowledge base directory.
Audit Metadata