obsidian-upgrade

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted user data to inform agent actions.
      • Ingestion points: The skill reads and audits all files within the docs/ directory and references a local 'canonical spec' file at skills/obsidian-plan-wiki/SKILL.md.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are used when passing content from the wiki files to the subtask agents.
      • Capability inventory: The skill utilizes 'general-purpose' subagents and has the capability to read and modify local markdown files during the upgrade execution phase.
      • Sanitization: The skill lacks sanitization or validation logic to filter out potentially malicious instructions embedded within the markdown comments or documentation it processes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 08:48 AM