brain-reflect
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted conversation history and historical logs to identify behavioral patterns.
- Ingestion points: The current session context and the last 15 logs stored in
~/.brain/logs/are ingested for analysis (SKILL.md). - Boundary markers: No explicit delimiters or 'ignore' instructions are defined to separate the data being analyzed from potential instructions embedded within it.
- Capability inventory: The skill has the capability to write to and modify
rules.mdandvalues.md, which govern the agent's high-level logic and behavior (SKILL.md). - Sanitization: The risk is mitigated by a manual checkpoint requiring the user to approve all suggested additions or merges before files are updated.
Audit Metadata