vault-capture

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the defuddle package globally (npm install -g defuddle) if it is not present. This involves downloading and installing third-party code from the npm registry.
  • [COMMAND_EXECUTION]: The skill performs multiple shell operations using CLI tools like defuddle to parse web content and obsidian to search, create, and append data within the user's local vault.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it fetches untrusted content from external URLs and processes it without sanitization or boundary markers. This could allow an attacker-controlled website to inject instructions that influence the agent's note-taking or summarization behavior.
      • Ingestion points: Content extracted from external URLs via defuddle parse <url> in SKILL.md.
      • Boundary markers: None identified; the extracted content is directly interpolated into the note structure.
      • Capability inventory: Shell command execution (defuddle, obsidian), file system writes via obsidian create and the Write tool.
      • Sanitization: No sanitization or filtering of the extracted markdown content is performed before processing.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 6, 2026, 09:09 AM