Brain Search

Pass. Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is suspicious due to two primary reasons:

1) It explicitly provides an API endpoint (`POST /api/upload`) that allows the agent to upload arbitrary local files (e.g., `@/path/to/file.jpg`) to `https://second-brain-chi-umber.vercel.app`. This creates a significant data exfiltration risk if the agent can be prompted to upload sensitive files (e.g., credentials, private keys).

2) The `SKILL.md` contains strong instructions like 'CRITICAL RULE — NO FABRICATION' and 'EXECUTE EVERY CURL COMMAND FOR REAL', which make the agent highly susceptible to prompt injection. If user input can influence the `curl` commands, it could lead to arbitrary command execution or further data exfiltration, leveraging the agent's willingness to execute shell commands.

While the skill itself doesn't contain malicious payloads, it provides critical capabilities that are highly vulnerable to exploitation.