skills/learnwy/skills/ai-brain/Gen Agent Trust Hub

ai-brain

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The entry point brain.cjs executes secondary scripts using the Node.js child_process.spawn method. This is used to route user commands to the appropriate internal logic files. The execution is confined to internal scripts and arguments are not processed through a shell.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by design. It stores untrusted data that is later loaded into the agent's context during retrieval.
      • Ingestion points: scripts/remember.cjs and scripts/lib.cjs save user-provided text into local Markdown files in the ~/.learnwy/ai/memory/ directory.
      • Boundary markers: The skill does not use delimiters or instructions to isolate recalled memories when they are presented to the agent in scripts/start.cjs or scripts/recall.cjs.
      • Capability inventory: The skill possesses file system capabilities (read, write, and delete) restricted to its local storage directory.
      • Sanitization: User-provided content is stored and retrieved as plain text without validation, escaping, or integrity checks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 06:54 PM