ingest
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from various sources to update a knowledge base.
- Ingestion points: The skill ingests data from external URLs, social media posts, PDFs, and meeting transcripts (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the ingestion logic.
- Capability inventory: The skill possesses the ability to modify the knowledge base via tools like
put_pageandadd_timeline_entry, and executes shell commands for data synchronization. - Sanitization: No sanitization is implemented; the skill explicitly directs the agent to capture user phrasing verbatim for "original thinking" (SKILL.md), which may lead to the storage and subsequent execution of malicious instructions.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands using a domain-specific tool.
- Evidence: The agent is instructed to execute
gbrain sync --no-pull --no-embedto synchronize data (SKILL.md). - Evidence: The agent uses
gbrain files upload-rawfor preserving raw sources of ingested content (SKILL.md).
Audit Metadata