kao-logseq
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted data within the Logseq graph directory.\n
- Ingestion points: The agent reads and processes content from markdown files within the
journals/andpages/directories.\n - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from interpreting instructions embedded within the user's graph data.\n
- Capability inventory: The skill allows the agent to create and modify files within the graph root, including modification of potentially sensitive files such as
logseq/custom.jsandlogseq/config.edn.\n - Sanitization: No evidence was found of content sanitization or validation for data read from the graph files before use or modification.
Audit Metadata