obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes git and gh (GitHub CLI) commands to initialize, configure, and synchronize repositories. These operations are performed at the user's request for vault backup purposes.
- [EXTERNAL_DOWNLOADS]: Fetches updates from remote repositories during git pull operations from well-known services like GitHub.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection as the agent reads and processes untrusted note content that may contain instructions.
- Ingestion points: Note content is ingested using read_note, read_multiple_notes, and search_notes tools defined in SKILL.md.
- Boundary markers: There are no specified delimiters or warnings used to separate note data from agent instructions.
- Capability inventory: The skill provides capabilities for writing and deleting notes, as well as pushing data to remote Git servers.
- Sanitization: No sanitization or validation of the ingested note content is performed before it is added to the agent's context.
Audit Metadata