zettel-brainstormer
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes content from local markdown files that may contain untrusted or adversarial instructions.
- Ingestion points: Files identified by
scripts/find_links.pyare read and their contents are passed to thepreprocess_modelandpro_modelvia the logic inscripts/draft_prompt.py. - Boundary markers: Notes are delimited using markdown headers (e.g.,
### Note: {title}) within the prompt, which provides structural separation but does not explicitly instruct the model to ignore embedded commands. - Capability inventory: The skill has the ability to read from the local file system (within the configured
zettel_dir) and write generated markdown drafts to anoutput_dir. - Sanitization: Content extracted from notes is included in the final prompts without sanitization or filtering for known prompt injection patterns or control markers.
Audit Metadata