capture

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes provided local Python scripts (workspace_inventory.py, dump_classifier.py, complexity_estimator.py) to perform context-aware analysis of brain dumps and identify relevant workspace connections. It also guides the agent to use standard shell commands (ls, find) for directory discovery. These scripts utilize only Python's standard library and include path sanitization.
  • [EXTERNAL_DOWNLOADS]: Documentation references the official Notion MCP server on GitHub (github.com/makenotion/notion-mcp-server) for optional cloud storage integration. This is a reference to a well-known and trusted service and does not involve automatic downloads or execution.
  • [PROMPT_INJECTION]: The skill processes untrusted user brain dumps, creating a surface for potential indirect prompt injection.
      • Ingestion points: User-provided text dumps processed by SKILL.md triggers.
      • Boundary markers: Absent; the skill does not wrap input in specific delimiters or use explicit instructions to ignore embedded commands.
      • Capability inventory: File reading, globbing, shell command execution, and Notion MCP interaction.
      • Sanitization: The skill's scripts use re.escape() to sanitize inputs before regex matching. An 'Approval Gate' is strictly enforced, requiring explicit user consent before the agent performs any proposed action or updates external services.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 24, 2026, 03:04 PM
Security Audit — agent-trust-hub — capture