idea-ingest
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to fetch and process data from external URLs, creating a surface for indirect prompt injection where malicious instructions could be embedded in the ingested content.
  - Ingestion points: Phase 1 fetches content from user-provided links, articles, and tweets via web fetch tools.
  - Boundary markers: The instructions do not specify the use of delimiters (e.g., XML tags or triple quotes) or explicit instructions to the agent to ignore embedded commands within the fetched content.
  - Capability inventory: The skill utilizes tools for database modification (`put_page`, `add_link`) and executes local shell commands (`gbrain files upload-raw`, `gbrain sync`).
  - Sanitization: There is no evidence of content sanitization, escaping, or validation before the fetched data is analyzed or passed to the CLI tools.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform operations using a local CLI utility named `gbrain`. These operations include `gbrain files upload-raw` for data provenance and `gbrain sync` for indexing. These commands interact with the local file system and environment to manage the knowledge base.
Audit Metadata