second-brain
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell to initialize the vault and install dependencies. It executes a local setup script (onboarding.sh) and global package installations (npm i -g). User-provided input for the vault path is passed to these commands.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs third-party CLI tools from the official NPM registry and provides a reference to a browser extension in the Chrome Web Store. The tools included are @steipete/summarize, @tobilu/qmd, and agent-browser.
- [PROMPT_INJECTION]: The skill's primary workflow involves processing source documents that may contain untrusted data, creating an indirect prompt injection surface.
  - Ingestion points: The agent is instructed to read all files placed in the raw/ directory of the vault.
  - Boundary markers: No specific delimiters or safety instructions are defined for the reading of raw source files.
  - Capability inventory: The agent has access to powerful tools including Bash, file system operations, and browser automation via agent-browser.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from the source files before it is processed by the LLM.
Audit Metadata