cross-linker
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to read the `.env` file to retrieve the `OBSIDIAN_VAULT_PATH`. Accessing environment files is a sensitive operation as these files are standard locations for storing private credentials, API keys, and other secrets which would be exposed to the agent's context during this process.
- [PROMPT_INJECTION]: The skill's architecture creates a surface for indirect prompt injection because it reads raw content from untrusted files and performs automated write operations.
  - Ingestion points: The agent reads the full content of all Markdown (`.md`) files within the Obsidian vault during the scanning and cross-referencing process.
  - Boundary markers: No boundary markers or instructions to disregard embedded commands in the notes are present; the agent is expected to parse the full text of user-controlled files.
  - Capability inventory: The skill possesses significant write capabilities, including modifying existing files to insert inline wikilinks and appending summaries to `log.md`.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the content read from notes before it is processed or written back to the file system.
Audit Metadata