cc-second-brain
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines an automated workflow for consolidating memory observations ('engram') into persistent rule files ('memory/rules/cc-patterns.md') and an Obsidian-based knowledge vault. This architectural pattern introduces a surface for indirect prompt injection.
  - Ingestion points: The consolidation process involves reading observations stored in the engram tier via the `mem_search` tool.
  - Boundary markers: There are no instructions or templates provided to ensure that consolidated observations are treated as data rather than instructions when appended to system-level rule files.
  - Capability inventory: The skill utilizes filesystem writing via direct Write tools and the Obsidian MCP toolset to modify durable documentation and configuration files.
  - Sanitization: The instructions lack descriptions for validating or sanitizing the content of memory observations before they are promoted to higher-tier rule files, potentially allowing malicious data to influence future agent sessions.
Audit Metadata