paper-summary
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from paper notes stored in the vault.
- Ingestion points: Ingests content from
$OBSIDIAN_VAULT/Paper_Index.mdand$OBSIDIAN_VAULT/papers/{id}.md. - Boundary markers: Absent. Note content is read in full without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill performs local file read operations and writes markdown files to
$OBSIDIAN_VAULT/knowledge/Summary/. - Sanitization: Absent. There is no evidence of content validation or escaping before interpolation into the agent's context.
Audit Metadata