brain-explain
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's operations are limited to searching and reading from internal or local data sources (knowledge graph and codebase) to provide explanations. It does not perform any network operations, arbitrary command execution, or privileged actions.
- [PROMPT_INJECTION]: The skill ingests data from external sources (knowledge graph notes and source code) to synthesize explanations. While this represents a surface for indirect prompt injection, it is a standard part of the skill's analytical function and is not considered a high-risk finding in this context.
- [COMMAND_EXECUTION]: The skill uses specific Model Context Protocol (MCP) tools for graph searching and exploration. These tools are used as intended for information retrieval and do not expose the system to command injection vulnerabilities.
Audit Metadata