Skills
skills/cdeistopened/opened-vault/daily-notes/Gen Agent Trust Hub

daily-notes

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Path traversal vulnerability in daily-note.sh. The cmd_get_note function accepts a user-controlled date_input to construct a file path ($NOTES_DIR/${date_input}.md) without validation, allowing for unauthorized access to arbitrary Markdown files via traversal sequences (e.g., ../../).
  • [PROMPT_INJECTION]: Susceptibility to indirect prompt injection.
  • Ingestion points: Markdown files are read from the filesystem using cat in daily-note.sh.
  • Boundary markers: No delimiters or instructions are used to distinguish note content from system commands.
  • Capability inventory: The skill possesses file read/write (cat, touch), directory creation (mkdir), and local network access (curl) capabilities.
  • Sanitization: Note content is not sanitized or validated before being provided to the agent, potentially allowing embedded instructions to influence agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 11:38 PM