kb-init
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script
../obsidian-notes-karpathy/scripts/detect_lifecycle.pyto analyze the target vault before performing operations. Running scripts from relative paths outside the immediate skill folder is a security risk if the environment or the scripts themselves are untrusted. - [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection as it processes content from an existing vault and external reference files to generate
AGENTS.mdandCLAUDE.md, which provide instructions for future agent behavior. • Ingestion points: Target vault content and shared reference files in../obsidian-notes-karpathy/references/. • Boundary markers: No specific delimiters or safety warnings for embedded instructions were identified. • Capability inventory: File system creation and modification, plus shell command execution via thedetect_lifecycle.pyscript andobsidian-cli. • Sanitization: No explicit sanitization of the ingested data or validation of the external reference templates is mentioned.
Audit Metadata