context-builder
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the web (WebFetch) and local vault transcripts (Grep) to populate a new prompt template. This creates an indirect prompt injection surface where malicious instructions in the source material could influence downstream agent behavior.
  - Ingestion points: WebFetch (external web research), Grep (local vault transcripts).
  - Boundary markers: The references/prompt-template.md uses markdown headers but lacks explicit 'ignore embedded instructions' markers or delimiters for untrusted content.
  - Capability inventory: The skill uses WebSearch, WebFetch, Grep, AskUserQuestion, and file writing tools.
  - Sanitization: No filtering or escaping is performed on data retrieved from external or local sources before it is interpolated into the generated prompt.
- [DATA_EXFILTRATION]: The skill accesses sensitive local directories including the Obsidian vault's 'Daily/' and 'People/' folders to extract transcript and contact data. It also includes an optional step to send the generated consulting materials to an external service (Telegram) using a third-party skill. While these actions are intended for the primary consulting use case, they involve the transmission of private notes and research.
Audit Metadata