wiki-rebuild
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the sensitive
.envfile to retrieve theOBSIDIAN_VAULT_PATH. While this is used for configuration, reading from this file path is a data exposure risk, though the skill does not exhibit network exfiltration behavior. \n- [COMMAND_EXECUTION]: The skill instructs the agent to perform destructive local file system operations, including clearing directories and resetting core files. These actions are intended for vault maintenance and are restricted to the local environment with user confirmation checkpoints. \n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its ingestion of local vault configuration and archive metadata. \n - Ingestion points: Reads data from
.env,.manifest.json, and archive metadata files. \n - Boundary markers: None; the skill treats content from these local files as trusted configuration. \n
- Capability inventory: Broad file system read, write, and deletion access within the local vault path. \n
- Sanitization: None; metadata and configuration values are not validated before being used to inform agent actions.
Audit Metadata