wiki-lint
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to access the .env file, which is categorized as a sensitive file path.
  - Evidence: Found in SKILL.md in the 'Before You Start' section: 'Read .env to get OBSIDIAN_VAULT_PATH'.
  - Security Concern: .env files are standard locations for storing sensitive environment variables, API keys, and credentials. Reading this file exposes its entire contents to the agent's context, posing a high risk of accidental secret exposure.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from the user's Obsidian vault.
  - Ingestion points: The skill iterates through all markdown (.md) files in the vault, as well as index.md and log.md (documented in SKILL.md).
  - Boundary markers: Absent. There are no instructions to use delimiters or to treat the note content as data that should not be interpreted as instructions.
  - Capability inventory: The skill has significant capabilities, including reading and writing files, creating new pages, modifying frontmatter, and triggering other skills like cross-linker.
  - Sanitization: Absent. The skill directly compares claims across notes and updates page content based on its analysis of the raw text.
Recommendations
- AI detected serious security threats
Audit Metadata