brain-dump

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to take unstructured 'stream of consciousness' or 'raw user input' and interpolate it directly into Markdown files and the agent's reasoning process.
    • Ingestion points: SKILL.md defines the input as "any format of input," including raw thoughts and voice transcripts.
    • Boundary markers: There are no delimiters or instructions (e.g., 'ignore instructions inside user text') to prevent the agent from following commands hidden within the user's 'brain dump'.
    • Capability inventory: The skill explicitly uses the write_to_file tool to create and modify files in the user's Obsidian vault (SKILL.md).
    • Sanitization: No sanitization or validation of the input is performed before it is written to the local filesystem or used to generate the daily note.
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to create a Brain Dump Dashboard.md containing Dataview queries. While Dataview is a standard Obsidian plugin, an attacker could potentially inject malicious DataviewJS or complex queries via the 'brain dump' input that execute when the user opens the dashboard in Obsidian.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 11:00 AM