project-brain
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the 'git diff --name-only' command in the 'assets/modes/SAVE.md' file to identify changed files within a repository during the context gathering step.- [PROMPT_INJECTION]: A surface for indirect prompt injection exists as the skill reads and parses external markdown files which could contain malicious instructions designed to influence the agent's behavior during the briefing stage.
- Ingestion points: 'assets/modes/LOAD.md' reads brain documents from the local filesystem or Obsidian vaults.
- Boundary markers: Absent. The skill does not implement specific delimiters or 'ignore' instructions for the loaded content.
- Capability inventory: The skill is authorized to use 'Read', 'Edit', 'Write', 'Glob', 'Grep', and 'ToolSearch' tools.
- Sanitization: Absent. The skill parses markdown headers but does not sanitize or escape the content of the document sections before presenting them to the agent.
Audit Metadata