dbrain-processor
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not exhibit any malicious patterns, obfuscation, or data exfiltration attempts. It focuses on local vault operations and structured data processing.
- [PROMPT_INJECTION]: The skill contains strict formatting rules (e.g., mandatory RAW HTML for Telegram output) and processing instructions. These are functional requirements for its specific use case and do not attempt to bypass safety filters or core agent instructions.
- [DATA_EXFILTRATION]: Access is restricted to the user's Obsidian vault folders (e.g., goals, business, projects). No unauthorized network activity or credential harvesting from sensitive system paths was detected. Reporting is limited to the agent's standard communication channel.
- [PROMPT_INJECTION]: (Indirect Prompt Injection Surface) The skill processes external data from journal entries. While an attack surface exists, the risk is minimized by the local nature of the vault and the specific classification logic.
- Ingestion points: Processes external entries in
daily/YYYY-MM-DD.md. - Boundary markers: Uses markdown headers as delimiters, though it lacks explicit 'ignore' instructions for embedded data.
- Capability inventory: File system read/write access to thoughts, CRM notes, and daily logs.
- Sanitization: Content is formatted into JSON and markdown without specific sanitization functions described.
- [COMMAND_EXECUTION]: The skill uses standard tools like
grepfor searching the local vault, which is consistent with its stated purpose and does not involve elevated privileges or dangerous command sequences.
Audit Metadata