second-brain-query
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from untrusted local files in the wiki and raw directories.
  - Ingestion points: wiki/index.md, wiki/sources/, and raw/ directories.
  - Boundary markers: The instructions lack delimiters or explicit warnings to ignore instructions embedded within the wiki files.
  - Capability inventory: The skill has access to Bash, Read, Write, Edit, Glob, and Grep tools.
  - Sanitization: There is no mention of sanitizing or validating content retrieved from the wiki.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the qmd CLI tool for searching. This represents a potential surface for command injection if user-supplied query terms are not correctly handled.
Audit Metadata