video-note
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to read from and write to specific local filesystem paths, including the user's home directory (`/Users/joel/Vault/Resources/videos/`). While this is the primary purpose of the skill for the author, accessing the home directory is a sensitive operation that could lead to unintended data exposure if the agent is misdirected.
- [COMMAND_EXECUTION]: The skill's documentation explicitly includes shell commands (`ls`) as part of the reference for interacting with the content system. Although these are intended as examples, they demonstrate the agent's capability to interact with the system shell.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external markdown files.
  - Ingestion points: The agent reads content from arbitrary markdown files located in the `/Users/joel/Vault/Resources/videos/` directory.
  - Boundary markers: There are no explicit boundary markers or instructions (such as 'treat the following as data only') to prevent the agent from obeying instructions hidden within the source notes.
  - Capability inventory: The agent has the ability to read local files, transform content using its internal writing style logic, and write new files to the `apps/web/content/` directory.
  - Sanitization: No sanitization logic is present to filter or escape instructions embedded within the source markdown files before they are processed by the LLM.
Audit Metadata