skills/garrytan/gbrain/maintain/Gen Agent Trust Hub

maintain

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data (markdown notes and session transcripts) through LLM-powered subagents to synthesize information, creating a surface for indirect prompt injection where malicious content in source files could attempt to influence subagent behavior. \n- Ingestion points: Processes transcripts from user-defined directories and markdown files within the local repository as defined in SKILL.md. \n- Boundary markers: Explicit instruction delimiters are not defined, although the skill utilizes path-based write restrictions (allowed_slug_prefixes) to limit the scope of subagent operations. \n- Capability inventory: The system performs file writes, database updates, and executes subagents to generate pattern and reflection pages as described in SKILL.md. \n- Sanitization: Employs regex-based exclusion patterns and a preliminary filtering pass using a secondary model to validate data before full processing. \n- [COMMAND_EXECUTION]: The skill utilizes the 'gbrain' command-line interface to perform system-level operations, including the installation of a persistent background worker (autopilot) and the execution of maintenance cycles. \n- Evidence: Commands such as 'gbrain autopilot --install' and 'gbrain dream' are used to manage local background processes and automate file system tasks, as documented in SKILL.md.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:01 AM
Security Audit — agent-trust-hub — maintain