brainrepo
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill explicitly instructs the agent to store sensitive personal data (Journal, People, Projects) and perform automated network operations via `git push`. This creates a high risk of exfiltrating private information to external servers if the Git remote is not strictly controlled by the user.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The agent reads untrusted data from the `Resources/` and `Inbox/` folders, which are intended for external articles and web content.
  - Boundary markers: None. The instructions do not specify any delimiters or safety headers when reading stored notes.
  - Capability inventory: The agent can execute shell commands (`mkdir`, `git`), create/modify files, and perform network requests (`git push`).
  - Sanitization: No sanitization is performed on external content before it is stored or subsequently retrieved for reasoning.
- [COMMAND_EXECUTION] (MEDIUM): The onboarding and workflow instructions require the agent to execute multiple shell commands (`mkdir -p`, `git init`, `git add`, `git commit`, `git push`). While these are part of the stated functionality, they represent a significant capability that could be abused if the agent is influenced by malicious note content.
Recommendations
- AI detected serious security threats
Audit Metadata