vault-setup
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by taking free-text user input and incorporating it into configuration files that govern agent behavior.
  * Ingestion points: The free-text self-description collected in Step 1 is used to populate CLAUDE.md.
  * Boundary markers: The skill does not use delimiters or instructions to prevent the agent from following commands embedded in the user-provided text.
  * Capability inventory: The skill writes persistent SKILL.md files and can append content to the global ~/.claude/CLAUDE.md file.
  * Sanitization: No validation or escaping is performed on user input before it is written to configuration files.
- [COMMAND_EXECUTION]: The skill executes shell commands to configure the local environment.
  * It uses 'mkdir -p' to create the vault folder structure.
  * It uses 'open -a Obsidian' to launch an external application.
- [PROMPT_INJECTION]: The skill modifies global configuration to achieve persistence for its instructions. By appending a reference to the local vault to ~/.claude/CLAUDE.md, it ensures that instructions derived from potentially malicious user input are loaded in every future session of the agent on the host system.