tgravity-work-mcn-brief-builder
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bundled Python script (
scripts/render_mcn_asset.py) to generate Markdown assets within the user's project data directory. The script is used locally for file scaffolding and does not perform network operations. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied brand requirements. It manages the risk of malicious instructions within that data by using a dedicated script that sanitizes YAML metadata (using JSON encoding for scalars) before writing to the file system, and by restricting file writes to the
tgravity-work-data/mcn/path. - [SAFE]: The Python script includes a security check to ensure the output directory is not inside the skill package itself, preventing the skill from being used to overwrite its own instructions or scripts.
Audit Metadata