secondbrain-freshness

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted data from various workspace records (ADRs, Tasks, Notes) which could contain malicious instructions designed to influence the agent's output or actions.
      1. Ingestion points: Step 2 instructions require the agent to load all records for enabled entities.
      2. Boundary markers: The workflow lacks explicit delimiters or instructions to the agent to ignore embedded commands within the records being analyzed.
      3. Capability inventory: The skill includes logic to read all files in the workspace and write updates to .claude/data/config.yaml.
      4. Sanitization: No sanitization, filtering, or validation is performed on the record data before it is processed by the agent.
  • DATA_EXPOSURE (SAFE): The skill accesses project configuration and internal records to perform its audit. This access is limited to the local environment and is consistent with the primary purpose of managing a personal knowledge base.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:20 PM