wiki-research
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to read sensitive local files to resolve configuration, which could lead to the exposure of credentials stored in those files.\n
- Evidence: The 'Config Resolution Protocol' requires reading '.env' and '~/.obsidian-wiki/config' files.\n- [COMMAND_EXECUTION]: The skill utilizes an external command-line tool to perform content extraction from the web.\n
- Evidence: Instructions recommend the use of the 'defuddle' command for cleaner content extraction from URLs.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from arbitrary web sources and uses it to influence its synthesis and file-writing operations.\n
- Ingestion points: Content fetched via 'WebSearch', 'WebFetch', and 'defuddle' from external URLs in Rounds 1 and 2.\n
- Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions when processing the fetched content.\n
- Capability inventory: The skill has extensive file-writing permissions within the vault path and performs additional network searches based on findings.\n
- Sanitization: No sanitization or validation of the fetched web data is performed before synthesis or filing into the wiki.
Recommendations
- AI detected serious security threats
Audit Metadata