project-brain

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and summarize external markdown documents ('brain' files) in assets/modes/LOAD.md. Malicious instructions placed inside these documents could potentially influence the agent's behavior when it generates the 'context briefing'. This risk is mitigated by the skill's lack of network access and the requirement for user confirmation before performing any write operations.
    • Ingestion points: The skill reads brain documents from the filesystem or Obsidian vaults in assets/modes/LOAD.md (Step 3).
    • Boundary markers: The skill uses markdown headers and format version markers (e.g., <!-- brain-format: v2.0 -->) to structure data, though it lacks explicit delimiters to instruct the agent to ignore embedded instructions.
    • Capability inventory: The skill is authorized to use Read, Edit, Write, Glob, Grep, and ToolSearch tools for local filesystem management.
    • Sanitization: There is no mention of content sanitization or filtering of the read data before it is presented to the agent for summarization.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 02:53 PM