brain-history
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several MCP tools (mcp__graph-brain__search-knowledge, mcp__graph-brain__get-knowledge, mcp__graph-brain__search-by-tags) to search, retrieve, and update content in a knowledge graph. It also performs file system writes by appending to .brain/activity-log.json.
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.
- Ingestion points: Note content and changelog data are retrieved from the knowledge base using mcp__graph-brain__get-knowledge in SKILL.md.
- Boundary markers: The instructions do not specify any boundary markers or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill possesses the capability to read/write to the knowledge base and append to local files.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the content retrieved from external notes before it is processed or displayed.
Audit Metadata