brain-init
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage the directory structure of the Logseq graph.
- Evidence: The
SKILL.mdfile explicitly directs the agent to usemkdir -pvia Bash to ensure thejournals/directory exists. - [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting user-provided data and persisting it to the file system without sanitization.
- Ingestion points: User-provided project names and descriptions are captured from natural language requests in
SKILL.md. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present when writing user content to Markdown files.
- Capability inventory: The agent has permissions to perform file writes and execute shell commands (
bash). - Sanitization: The skill lacks instructions for sanitizing, escaping, or validating the user-provided project information before it is written to the Logseq graph.
Audit Metadata