obsidian-knowledge-filter

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on local Python scripts (scripts/001_analyze_files.py and scripts/002_extract_content.py) to handle file searching, indexing, and content extraction tasks.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted content from a local directory. This risk is mitigated by the phased workflow requiring user approval at each step.
      - Ingestion points: scripts/001_analyze_files.py recursively reads Markdown files from a user-specified directory.
      - Boundary markers: No specific delimiters or safety instructions are used to wrap extracted content before LLM analysis.
      - Capability inventory: The skill has permissions to read/write local files and execute subprocesses (scripts).
      - Sanitization: Content is cleaned for formatting (bold, images) in scripts/002_extract_content.py, but malicious instructions are not filtered.
  • [SAFE]: No high-severity threats were identified. The scripts perform standard file operations using safe APIs such as yaml.safe_load() and do not initiate any network connections or exfiltrate data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 12:45 PM