Skills
skills/mylesmcook/mcook-skills/brainerd-reflect/Gen Agent Trust Hub

brainerd-reflect

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (scripts/brainerd-claude.sh, scripts/brainerd-codex.sh) and Windows batch files (scripts/brainerd-claude.cmd, scripts/brainerd-codex.cmd) to manage memory persistence routing.
  • [EXTERNAL_DOWNLOADS]: The provided scripts use npx --yes tsx to run local TypeScript source files. This command fetches the tsx package from the official NPM registry if it is not already present in the local cache.
  • [COMMAND_EXECUTION]: The skill generates temporary JSON payloads and writes them to /tmp/brainerd-reflect.json as an intermediate step before applying updates to the repository.
  • [PROMPT_INJECTION]: The skill processes untrusted session data to identify durable learnings, which introduces a surface for indirect prompt injection.
  • Ingestion points: Conversation history is ingested via brainerd_current_session, and existing repository memory is read from brain/index.md and brain/principles.md.
  • Boundary markers: The instructions specify distilling content into small changes and require a specific Brainerd summary: prefix for the final output.
  • Capability inventory: The skill possesses the capability to modify repository files through local CLI wrappers.
  • Sanitization: No explicit sanitization or escaping of session content is performed; the skill relies on the agent's summarization logic to filter inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 01:50 AM