project-brain
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `git diff --name-only` to programmatically identify files changed during a session, helping populate the session log with accurate technical history.
- [SAFE]: Implements a strict 'User Confirms Before Write' rule (Rule 2), ensuring the agent never modifies or creates files without the user reviewing and approving the gathered session data.
- [SAFE]: Enforces a 'No Silent Defaults' policy (Rule 7) for directory resolution, requiring an explicit user selection via the `AskUserQuestion` tool before determining where brain documents are stored.
- [SAFE]: The skill operates entirely within the local filesystem and uses standard tools (`Read`, `Write`, `Edit`) without requesting network access or downloading external code.
- [SAFE]: Analyzed the attack surface for indirect prompt injection (Category 8). The skill reads external markdown files (ingestion point) and possesses write capabilities (capability). This is effectively mitigated by robust boundary markers (markdown headings) and a mandatory confirmation gate for all write operations.
Audit Metadata