para-second-brain
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a scripts/setup.sh bash script that executes filesystem commands (mkdir, cat) to create a directory structure and initialize memory templates. It also recommends the use of the ln -s command to modify the search scope of indexing tools by creating symbolic links within the workspace.
- [PROMPT_INJECTION]: The skill facilitates the ingestion and semantic searching of user-generated notes, which introduces a potential surface for indirect prompt injection attacks.
  - Ingestion points: Files stored within the notes/ and memory/ PARA structure are indexed and read by the agent.
  - Boundary markers: Absent. The skill does not provide instructions to the agent to use delimiters or to disregard potential instructions embedded within the retrieved note content.
  - Capability inventory: The skill utilizes memory_search for reading content and maintains the ability to write to files and manage directory structures.
  - Sanitization: Absent. There is no logic provided to filter, escape, or validate the content ingested from external or user-provided files before it is processed by the agent.