wiki-status
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions mandate reading the .env file to retrieve configuration paths such as OBSIDIAN_VAULT_PATH and CLAUDE_HISTORY_PATH. Since .env files are standard locations for sensitive credentials and environment variables, accessing this file poses a data exposure risk.
- [DATA_EXFILTRATION]: The skill accesses the ~/.claude/projects/ directory, which contains private conversation history from the Claude AI agent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and analyzes content from the user's Obsidian vault and conversation history files without explicit sanitization or boundary markers.
- Ingestion points: Markdown files in the Obsidian vault and JSONL conversation files in the Claude history path.
- Boundary markers: Absent; no instructions are provided to the agent to ignore embedded instructions in the ingested data.
- Capability inventory: The skill performs file globbing, structural analysis (grepping for links), and file writing (creating _insights.md and updating log.md).
- Sanitization: Absent; the skill reads and processes the content of the vault files directly to identify links and tags.
Audit Metadata