wiki-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external content and has broad filesystem access and execution capabilities.
      • Ingestion points: Documents read from OBSIDIAN_SOURCES_DIR and the _raw/ directory inside SKILL.md (Step 1), including web clippings and PDFs.
      • Boundary markers: No explicit delimiters or instructions are provided to separate document content from agent instructions.
      • Capability inventory: Writing files to the vault, deleting files in _raw/, and executing shell commands for hashing.
      • Sanitization: No sanitization or validation of the extracted content is mentioned before writing it to the wiki.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (sha256sum or shasum) in the 'Append Mode' section of SKILL.md to compute file hashes. This creates a risk of command injection if filenames derived from the filesystem or manifest contain shell metacharacters and are not properly sanitized or escaped.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 12, 2026, 08:07 AM