configuring-agent-brain
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user through installing several Python packages (`agent-brain-rag`, `agent-brain-cli`) and system-level tools (`ollama` via `brew`). These are legitimate dependencies for the search system described.
- [COMMAND_EXECUTION]: Numerous shell commands are utilized to initialize the project, manage the server, and verify the installation. Examples include `agent-brain init`, `agent-brain start`, and `agent-brain status`.
- [CREDENTIALS_UNSAFE]: The documentation references various API keys (OpenAI, Anthropic, etc.). It correctly identifies the risk of credential exposure and instructs the user to use environment variables or secure configuration files with restricted permissions (`chmod 600`), specifically warning against committing these secrets to version control.
- [PROMPT_INJECTION]: As a tool designed to index and search external documents, the system presents an Indirect Prompt Injection surface (Category 8). Malicious instructions embedded in indexed documents could potentially influence agent behavior during retrieval operations.
  - Ingestion points: Files indexed via `agent-brain index ./docs` in SKILL.md.
  - Boundary markers: None explicitly defined in the provided configuration instructions.
  - Capability inventory: The skill uses `Bash` and `Read` tools; the `agent-brain` CLI provides file system access and indexing capabilities.
  - Sanitization: Not mentioned in the configuration files.
- [SAFE]: No evidence of malicious obfuscation, persistence mechanisms, or unauthorized privilege escalation was found. The use of `sudo` is explicitly discouraged in the installation instructions.