obsidian-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The file references/advanced-workflows.md contains a shell script snippet for vault maintenance that uses standard Unix commands such as find, wc, sort, and uniq to analyze vault file metadata.
- [PROMPT_INJECTION]: The skill defines workflows for Inbox Processing and Weekly Review that involve an agent reading and making decisions based on the content of user-provided notes, which presents a surface for indirect prompt injection.
- Ingestion points: Content from user notes located in the 0 - Inbox and PARA folders (defined in SKILL.md).
- Boundary markers: None identified; instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing note content.
- Capability inventory: The agent is authorized to modify vault structure, move files, and edit note contents during review processes.
- Sanitization: There is no mention of sanitizing or validating note content before processing or acting upon it.
Audit Metadata