today
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'obsidian eval' tool to execute JavaScript code blocks for ISO week calculations, which involves running dynamic code within the user's environment.
- [COMMAND_EXECUTION]: The skill invokes system-level commands including 'grep' for searching task patterns and 'rm' for deleting files. Specifically, it is instructed to delete past daily notes if they are deemed empty after task migration.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection (Category 8). It ingests untrusted data from various vault locations (daily notes, project indices, weekly notes) and uses this content to generate the 'Seed' and 'Materials' sections. 1. Ingestion points: Reads last 3-5 daily notes, active projects notes, recently modified vault notes, and weekly focus notes. 2. Boundary markers: None identified. 3. Capability inventory: File read/write via Edit tool, file deletion via rm, command execution via obsidian eval, and vault search via obsidian search and grep. 4. Sanitization: No filtering or escaping of vault content is mentioned before interpolation into the daily note briefing block.
Audit Metadata