zettel-link
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill exhibits no malicious characteristics, obfuscation, or attempts to bypass security constraints. All operations are transparent and use standard Python libraries.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill transmits note content to external embedding providers (OpenAI at api.openai.com or Google Gemini at googleapis.com) or a local Ollama instance. This behavior is documented and necessary for the skill's semantic search functionality. Sensitive credentials (API keys) are managed through environment variables rather than being hardcoded in the scripts, which aligns with security best practices.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes local markdown notes as its primary data source.\n
- Ingestion points: Reads files with the .md extension from a user-specified directory in scripts/embed.py.\n
- Boundary markers: None implemented; text is processed as a raw string after cleaning.\n
- Capability inventory: Capabilities are restricted to reading/writing local files and making network requests to authorized embedding APIs. There are no functions for subprocess execution or dynamic code evaluation.\n
- Sanitization: The scripts include a clean_text function in scripts/embed.py that strips frontmatter, code blocks, HTML, and URLs from notes prior to embedding, which reduces the surface for potential injection attacks.
Audit Metadata