vault-synthesize
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and synthesizes information from untrusted local vault files (such as README.md, gemini3_summary.txt, and transcript.txt).
  - Ingestion points: Data enters the agent context through the Read tool in Step 4.
  - Boundary markers: The synthesis template in Step 5 does not utilize specific delimiters or instructions to ignore instructions embedded within the source documents.
  - Capability inventory: The skill is equipped with Read and Write tools, alongside the obsidian CLI for searching and logging to daily notes.
  - Sanitization: There is no evidence of sanitization or validation of the content retrieved from the vault files prior to its use in generating new notes.
Audit Metadata