brain-load
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local file system operations by creating a .brain/ directory and appending to an activity-log.json file at the project root. These actions are limited to the project workspace and serve as a legitimate telemetry mechanism for the tool's intended functionality.\n- [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it retrieves external notes and incorporates them into the active session context without explicit sanitization.\n
- Ingestion points: Project knowledge is ingested from the Graph Brain service via the mcp__graph-brain__get-knowledge tool in SKILL.md.\n
- Boundary markers: The skill does not implement delimiters or warnings to isolate ingested content from system instructions.\n
- Capability inventory: The agent possesses capabilities to write to the local file system and execute further knowledge-retrieval tools.\n
- Sanitization: No content validation or escaping is performed on the data retrieved from the external source.
Audit Metadata