Skills
skills/ar9av/obsidian-wiki/wiki-agent/Gen Agent Trust Hub

wiki-agent

Warn

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill reads from .env files to retrieve configuration variables like CLAUDE_HISTORY_PATH and CODEX_HISTORY_PATH. .env files are high-risk targets as they frequently contain sensitive API keys and secrets.
  • [DATA_EXFILTRATION]: The skill accesses and reads private conversational history from multiple agents (Claude, Codex, Hermes, OpenClaw, and Copilot) located in home directories and application support folders. This exposes potentially sensitive user data to the current agent session.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands such as find and grep to scan the filesystem and extract text from session files. Improperly sanitized search queries could lead to command injection if passed directly to the shell.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  • Ingestion points: Raw conversation logs (.jsonl, .json, .md) from five different AI agents.
  • Boundary markers: Absent. The instructions do not define delimiters or specify that the agent should ignore instructions embedded within the ingested history.
  • Capability inventory: File reading, file writing (updating the Obsidian wiki), environment variable access, and shell command execution (grep, find).
  • Sanitization: Absent. The skill extracts raw text 'blobs' using grep and immediately synthesizes them into answers or wiki pages.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 6, 2026, 05:25 AM