obsidian-card-maker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes arbitrary user-provided text and performs file system operations (
write_file), which is a known vector for indirect prompt injection. - Ingestion points: The skill accepts arbitrary text inputs (dialogues, excerpts, notes) to be restructured.
- Boundary markers: Absent; there are no specific instructions or delimiters provided to the agent to treat the user input strictly as data and ignore any embedded instructions.
- Capability inventory: The skill utilizes the
write_filetool to create Markdown files on the local machine. - Sanitization: The instructions mention generating filenames without illegal characters, but there is no explicit sanitization for the content being written to the file to prevent injection into the Markdown structure or escaping the template.
- Data Exposure (SAFE): While the skill asks for the Obsidian vault path, this is a functional requirement for its stated purpose. It does not exhibit patterns of credential theft or unauthorized network exfiltration.
Audit Metadata