data-ingest
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and interpret arbitrary text from untrusted external sources.
- Ingestion points: The skill reads various file formats including JSON, CSV, HTML, and chat logs (e.g., SKILL.md mentions 'conversations.json', 'Slack exports', etc.) to extract knowledge and distill it into wiki pages.
- Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores or treats instructions found within the source material as data rather than commands.
- Capability inventory: The agent has the capability to write and modify files within the local file system (the Obsidian vault), specifically creating or updating Markdown pages, '.manifest.json', and 'index.md'.
- Sanitization: No sanitization, escaping, or validation of the extracted external content is performed before it is used to generate or update wiki content.
Audit Metadata