Skills
skills/sergio-bershadsky/ai/secondbrain-search-init/Gen Agent Trust Hub

secondbrain-search-init

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill registers a persistent PostToolUse hook in .claude/settings.local.json. This hook is configured to execute a Python script (search-index-update.py) automatically every time the agent uses the 'Write' or 'Edit' tools. This creates a permanent side-channel for code execution within the environment.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill prompts for the global installation of an unverified CLI tool named qmd via npm or bun. This tool further downloads approximately 1.5GB of external embedding models from unverified sources during its first run.
  • PROMPT_INJECTION (LOW): The skill implements an Indirect Prompt Injection surface (Category 8).
  • Ingestion points: Processes all content in the docs/ directory for indexing.
  • Boundary markers: None detected in the configuration or indexing commands.
  • Capability inventory: Executes subprocesses (qmd index, python3) and performs file system operations.
  • Sanitization: No evidence of sanitization or instruction filtering for the documents being indexed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:24 PM