digital-brain
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages highly sensitive personal information, including network contacts, interaction history, and identity profiles. This data is handled locally within the skill's file structure (e.g., contacts.jsonl, interactions.jsonl) and is intended for the user's private management system.
- [COMMAND_EXECUTION]: Instructions direct the agent to execute local Python scripts such as weekly_review.py and stale_contacts.py located within the agents/scripts/ directory for automation and metrics analysis.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process data from external sources, creating a potential surface for indirect prompt injection.
  - Ingestion points: interactions.jsonl (containing external communication), bookmarks.jsonl (containing external research/web content), and ideas.jsonl.
  - Boundary markers: The instructions do not define explicit delimiters or warnings for the agent to ignore instructions embedded within these data files.
  - Capability inventory: The skill utilizes terminal execution for local scripts and performs extensive file system operations (read/write).
  - Sanitization: No specific validation or sanitization process is described for content imported from external bookmarks or logs.
Audit Metadata