migrate
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves ingesting and processing external data from various third-party sources.
- Ingestion points: Data is read from external directories and files (Obsidian vaults, Notion exports, CSV/JSON files) as described in the migration phases in
SKILL.md. - Boundary markers: The skill's instructions lack the use of delimiters or explicit warnings to the agent to disregard instructions embedded within the source data being migrated.
- Capability inventory: The skill utilizes tools to write content (
put_page), perform searches (search), and manage metadata (add_link,add_tag), all of which could be manipulated by adversarial content in the source data. - Sanitization: There are no outlined procedures for sanitizing, escaping, or validating the content of the external files before the agent processes or stores them in the target system.
Audit Metadata