tgravity-work-mcn-brief-builder

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bundled Python script (scripts/render_mcn_asset.py) to generate Markdown assets within the user's project data directory. The script is used locally for file scaffolding and does not perform network operations.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied brand requirements. It manages the risk of malicious instructions within that data by using a dedicated script that sanitizes YAML metadata (using JSON encoding for scalars) before writing to the file system, and by restricting file writes to the tgravity-work-data/mcn/ path.
  • [SAFE]: The Python script includes a security check to ensure the output directory is not inside the skill package itself, preventing the skill from being used to overwrite its own instructions or scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 08:01 AM
Security Audit — agent-trust-hub — tgravity-work-mcn-brief-builder