vault-cleanup-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes bash scripts to perform file system searches and metadata analysis using tools like find, grep, wc, and stat. These commands are used strictly for the skill's primary function of auditing an Obsidian vault and are restricted to the user-provided vault path.
  • [DATA_EXPOSURE]: The skill accesses filenames and contents of markdown files within the specified vault directory to generate an audit report. This data is processed locally and the resulting report is saved within the same vault directory; no data is sent to external services or non-whitelisted domains.
  • [PROMPT_INJECTION]: The skill processes untrusted data in the form of filenames and file contents during the audit process.
      • Ingestion points: Filenames and markdown file content found within the vault_path via find and grep commands in SKILL.md.
      • Boundary markers: Absent; the agent is instructed to capture raw output from bash checks and format it into a report.
      • Capability inventory: File system read access, directory creation (mkdir -p), and file write access (echo to the report file).
      • Sanitization: Absent.
    While the skill does not sanitize filenames or content, the risk is evaluated as low given the restricted local scope and the intended use case as an auditor.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 11:29 PM