obsidian-markdown-structure
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill requires the agent to read and edit markdown files from the user vault which could contain malicious instructions.
- Ingestion points: Processes markdown files using the Read tool.
- Boundary markers: The instructions lack specific delimiters or warnings to ignore embedded commands within the processed files.
- Capability inventory: The agent uses the Edit tool to modify the filesystem based on the ingested content.
- Sanitization: No content filtering or validation logic is provided to sanitize the files before they are processed by the agent.
Audit Metadata