brain-explore
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests and processes untrusted data from a graph knowledge base to drive navigation.
- Ingestion points: Data enters the context via the mcp__graph-brain__search-knowledge, mcp__graph-brain__get-knowledge, and mcp__graph-brain__explore-graph tools as defined in SKILL.md.
- Boundary markers: No explicit delimiters or instructions are used to separate the content of nodes from the skill's control logic in the interactive map.
- Capability inventory: The skill is capable of performing recursive graph queries and writing to the local file system at .brain/activity-log.json.
- Sanitization: Note content and titles are interpolated into the display and navigation logic without sanitization or escaping.
- [COMMAND_EXECUTION]: The skill automates local file system operations by appending session metadata and navigation paths to .brain/activity-log.json.
Audit Metadata