para-second-brain
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill runs a local bash script to audit PARA directory structures. The script is well-contained, using standard shell utilities without network access or excessive permissions.
- [PROMPT_INJECTION] (LOW): An indirect prompt injection surface exists via untrusted file system metadata.
  1. Ingestion points: Filenames and directory names are read from the target path by scripts/validate.sh.
  2. Boundary markers: None; structural metadata is interpolated into the validation report without delimiters.
  3. Capability inventory: Local script execution and report generation.
  4. Sanitization: None; filenames are treated as trusted strings in the report generation process.
Audit Metadata