temple-generator
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from user-provided Obsidian vaults to generate entity classifications and poetic descriptions.
  - Ingestion points: `scripts/extract_entities.py` walks the vault directory and reads `.md` file contents, while `SKILL.md` Step 2 reads the resulting scan and samples note content.
  - Boundary markers: No explicit delimiters or instructions are used to separate user data from agent instructions during classification.
  - Capability inventory: The skill executes a local Python script and writes output files including `vault-scan.json` and `temple-data.json`.
  - Sanitization: No sanitization of note content is performed before processing by the LLM.
- [COMMAND_EXECUTION]: Execution of local utility script. The skill invokes `python3` to run `scripts/extract_entities.py` for vault scanning. The script is bundled with the skill and performs local file read operations limited to markdown files.
- [EXTERNAL_DOWNLOADS]: The visualization template fetches Three.js and MediaPipe libraries from well-known services. It uses `cdn.jsdelivr.net` for Three.js and `storage.googleapis.com` for MediaPipe models.
Audit Metadata