vault-moc
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands (
obsidian folders,obsidian search) to retrieve folder structures and file lists within the Obsidian vault. This is necessary for its core functionality and is limited to the local environment.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) because it reads and processes the content ofREADME.mdandgemini3_summary.txtfiles from various project folders without explicit sanitization or boundary markers. If these files were to contain malicious instructions, an agent might attempt to follow them during the note composition process.\n - Ingestion points: Reads from project folders in the local vault (SKILL.md, steps 2, 3, and 5).\n
- Boundary markers: Absent; the skill interpolates content from files directly into the markdown output note (SKILL.md, step 6).\n
- Capability inventory: Can list folders and write new markdown files to the vault root via the
Writetool (SKILL.md, step 7).\n - Sanitization: No sanitization or validation of the content read from files is performed.
Audit Metadata