skills/q00/ouroboros/brownfield/Gen Agent Trust Hub

brownfield

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill leverages a dedicated MCP tool (ouroboros_brownfield) and provides explicit instructions to the agent to avoid using CLI or Python scripts. This adherence to platform-provided tools over arbitrary code execution is a security best practice.
  • [SAFE]: While the skill scans the user's home directory (~/), this behavior is clearly stated as its primary purpose. The scan is handled by the MCP tool, and no external network exfiltration of the data was identified.
  • [PROMPT_INJECTION]: The skill contains a surface for Indirect Prompt Injection (Category 8) because it ingests and displays repository names from the local filesystem without explicit sanitization. While this is a common pattern, it is noted as a potential attack surface.
  • Ingestion points: Repository names from the filesystem (~/) are loaded into the agent's context.
  • Boundary markers: Absent; names are displayed in a simple text grid without delimiters.
  • Capability inventory: The agent has the ability to search for and execute other MCP tools.
  • Sanitization: No validation or sanitization of the repository names is described in the skill logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 01:44 AM