secondbrain-search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes the shell command `qmd query "<user_query>" --json --limit=<limit>`. The `<user_query>` variable is directly interpolated from user input into a shell string within double quotes. An attacker providing a query like `hello" ; id ; #` could achieve arbitrary command execution on the host system.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of an external, unverifiable package `qmd` via `npm` or `bun`. This package is not from a trusted source and is installed globally (`-g`), which is a security risk if the package or its dependencies are malicious.
- [REMOTE_CODE_EXECUTION] (HIGH): Combined with the command injection vulnerability, this allows for remote execution of arbitrary code should the agent process a malicious search query or untrusted metadata from the 'secondbrain' files.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill ingests data from local project files (notes, ADRs, tasks). If these files contain malicious instructions, they could influence the agent's behavior when it 'Enriches with Metadata' or 'Formats Output', especially if the agent treats the content of these files as instructions rather than data.
- [PRIVILEGE_ESCALATION] (MEDIUM): Recommending global installation of npm packages (`npm install -g`) often prompts users for `sudo` privileges, increasing the potential impact of a malicious package.
Recommendations
- AI detected serious security threats
Audit Metadata