brain-status
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by aggregating and displaying data from various local files.
- Ingestion points: The skill reads metadata and content from pages/Projects___*.md (properties, Current Plan, Session Log), pages/Decisions.md, and pages/Meta.md.
- Boundary markers: No delimiters or instructions are provided to the agent to treat the ingested file content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill utilizes file globbing and targeted file reads. It also writes activity logs to skills/_shared/journey-log.md. No network or shell execution capabilities are present.
- Sanitization: No sanitization, escaping, or validation of the content read from the markdown files is performed before it is presented to the user.
Audit Metadata