team-brain-sync

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run Node.js scripts like generator.js and stats.js located in the skill's relative scripts directory.
  • [COMMAND_EXECUTION]: Employs node -e to execute inline JavaScript for project root discovery, configuration loading, and file generation tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill generates files like .cursorrules and CLAUDE.md which act as instructions for AI agents. This creates a surface for indirect prompt injection if the source 'team brain entries' are untrusted. Ingestion points: 'team brain entries' processed via generator.js. Boundary markers: None explicitly provided in the skill instructions. Capability inventory: File writing and command execution via Bash. Sanitization: Dependent on internal logic in generator.js.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 05:00 PM
Security Audit — agent-trust-hub — team-brain-sync