brain
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes a local CLI tool named `brain`. The command usage is restricted to the specific parameters defined in the markdown and does not exhibit patterns of arbitrary code execution or privilege escalation.
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection (Category 8) because it ingests untrusted data from markdown notes.
  - Ingestion points: Data enters the context through `brain search` outputs and `brain add` file reads.
  - Boundary markers: Absent; the agent is not instructed to use delimiters or ignore instructions within the notes.
  - Capability inventory: The skill has file-reading and file-writing capabilities through the CLI interface.
  - Sanitization: Absent; there is no validation or escaping of note content before it is processed by the agent.
Audit Metadata