wiki-capture
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to read from sensitive files, specifically
~/.obsidian-wiki/configand.env. While this is intended to locate the user's Obsidian vault path, these files are standard locations for storing API keys, tokens, and other sensitive credentials. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted conversation data and writing it to the local file system.
- Ingestion points: The "current conversation" history is ingested to identify knowledge worth preserving.
- Boundary markers: Absent. The skill does not provide instructions to the agent to distinguish between user-provided data and system-level instructions or to ignore embedded commands.
- Capability inventory: The skill possesses capabilities to read the entire wiki vault and configuration files, create new markdown notes, and modify existing tracking files like
index.md,log.md, andhot.md. - Sanitization: Absent. There is no specified logic for validating or escaping the content extracted from the conversation before it is written to permanent files.
Audit Metadata