obsidian-links
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface for indirect prompt injection because it reads and matches content from user-provided vault files.
  - Ingestion points: Markdown files accessed via `Read`, `Glob`, and `Grep` tools.
  - Boundary markers: No delimiters or warnings are used to distinguish file content from system instructions.
  - Capability inventory: The skill uses the `Edit` tool to modify vault files based on extracted content.
  - Sanitization: No explicit sanitization or validation of the text read from files before it is processed or used in operations.
Audit Metadata