long-audio-to-obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
doc_merger.pyand uses shell commands likemvto manage and organize files, which is consistent with its intended purpose. - [INDIRECT_PROMPT_INJECTION]: The skill processes transcription data, which serves as a surface for indirect prompt injection. 1. Ingestion points: Transcription files are read from the local directory by the
doc_merger.pyscript. 2. Boundary markers: The script isolates content by wrapping it in Markdown code blocks. 3. Capability inventory: The skill can read, write, and move files within the project directory. 4. Sanitization: The skill relies on Markdown structure to separate external content from instructions without further sanitization.
Audit Metadata