brains-trust
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches model lists and configuration from an external domain 'https://models.flared.au/'.
- [COMMAND_EXECUTION]: Generates a Python script at '.claude/scripts/brains-trust.py' and executes it to handle API interactions and parallel processing.
- [DATA_EXFILTRATION]: Sends user-provided code and workspace context to external AI providers (OpenRouter, OpenAI, and Google) via their respective APIs as part of the intended consultation workflow.
- [PROMPT_INJECTION]: Ingests untrusted workspace files and interpolates them directly into prompts sent to external models, creating a surface for indirect prompt injection.
- Ingestion points: Workspace files related to the current session (e.g., source code, design docs).
- Boundary markers: Uses '--- filename ---' separators within the generated prompt to distinguish file contents.
- Capability inventory: The skill can read local files, write scripts to the filesystem, and initiate network requests to external AI APIs.
- Sanitization: No evidence of sanitization, escaping, or instruction-override protection for file contents before prompt construction.
Audit Metadata