wiki-query
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses the user's local configuration at
~/.obsidian-wiki/configand the document vault at$OBSIDIAN_VAULT_PATH. This behavior is entirely consistent with the skill's purpose as a knowledge retrieval tool and does not involve sending data to external or untrusted destinations. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external files in the user's wiki vault which could potentially contain malicious content meant to influence the agent.
- Ingestion points: Files located within the directory defined by the
OBSIDIAN_VAULT_PATHenvironment variable. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to isolate retrieved content from the agent's core logic.
- Capability inventory: The skill employs
Grepfor searching,Readfor accessing content, and a semantic search tool viamcp__qmd__query. It also maintains a local activity log inlog.md. - Sanitization: There is no evidence of sanitization or content validation before the retrieved text is used to synthesize a response for the user.
Audit Metadata