Skills
skills/ar9av/obsidian-wiki/obsidian-wiki-ingest/Gen Agent Trust Hub

obsidian-wiki-ingest

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted external data (Markdown, PDFs, images) from the OBSIDIAN_SOURCES_DIR into the agent's context.
  • Ingestion points: OBSIDIAN_SOURCES_DIR and _raw/ directories as specified in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided for the ingestion phase.
  • Capability inventory: The skill executes shell scripts (scripts/ingest-wiki.sh), invokes CLI tools (wiki-ingest), and performs file read/write operations on the local system.
  • Sanitization: There is no evidence of content sanitization or validation of the source documents before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill is designed to create and execute shell scripts (e.g., scripts/ingest-wiki.sh) and proposes modifying the user environment by creating command aliases to facilitate the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:37 PM