team-brain-sync
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run Node.js scripts like generator.js and stats.js located in the skill's relative scripts directory.
- [COMMAND_EXECUTION]: Employs node -e to execute inline JavaScript for project root discovery, configuration loading, and file generation tasks.
- [INDIRECT_PROMPT_INJECTION]: The skill generates files like .cursorrules and CLAUDE.md which act as instructions for AI agents. This creates a surface for indirect prompt injection if the source 'team brain entries' are untrusted. Ingestion points: 'team brain entries' processed via generator.js. Boundary markers: None explicitly provided in the skill instructions. Capability inventory: File writing and command execution via Bash. Sanitization: Dependent on internal logic in generator.js.
Audit Metadata