brain-update
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is instructed to read and process content from external sources which could be manipulated by an attacker.
- Ingestion points: Content retrieved from the knowledge base using mcp__graph-brain__get-knowledge and related files mentioned within note content.
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings for the agent to ignore instructions embedded within the ingested data.
- Capability inventory: The skill possesses the ability to modify the knowledge base via mcp__graph-brain__save-knowledge and write log data to the file system at .brain/activity-log.json.
- Sanitization: None detected. The agent is directed to use the content to identify changes and update the graph directly.
- [COMMAND_EXECUTION]: The skill utilizes several internal tools for knowledge graph management and file system interaction.
- Tools: mcp__graph-brain__search-knowledge, mcp__graph-brain__get-knowledge, mcp__graph-brain__save-knowledge, and mcp__graph-brain__explore-graph.
- File access: The skill reads files referenced in project documentation and performs file system writes to manage a local activity log.
Audit Metadata