Skills
skills/flowing-abyss/obsidian-vault-skills/weekly-review/Gen Agent Trust Hub

weekly-review

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local JavaScript and Bash code using the obsidian eval command to calculate ISO week numbers and date ranges for note organization.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it reads and summarizes 'free-text' user entries from daily notes to identify recurring patterns.
  • Ingestion points: Reads raw text from daily notes located in periodic/daily/ to generate inferences.
  • Boundary markers: While it attempts to exclude specific callouts (e.g., [!briefing]), it lacks explicit instructions or delimiters to ignore embedded commands within the user's text.
  • Capability inventory: The skill has full read/write access to the Obsidian vault, allowing it to search all notes and modify files.
  • Sanitization: No sanitization or validation is performed on the user-written content before it is interpreted by the agent for reflection questions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 05:07 PM