vault-structure
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a bash script
scripts/read-vault-file.shthat executes thecatcommand to read files from the local filesystem. - [COMMAND_EXECUTION]: Path Traversal vulnerability in
scripts/read-vault-file.sh. The script fails to sanitize the filename argument before use, enabling access to sensitive files outside the intended vault directory (e.g.,/etc/passwd) using relative paths or absolute paths. - [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface. The skill is designed to read and interpret content from an Obsidian vault which can contain untrusted data.
- Ingestion points: Files located within the hardcoded vault path
/Users/kriscard/obsidian-vault-kriscard. - Boundary markers: None; the skill lacks specific markers to delimit or ignore instructions embedded within vault content.
- Capability inventory: File reading capabilities via
cat(withinscripts/read-vault-file.sh) and theobsidian readcommand. - Sanitization: None; no validation or escaping of external content is performed before the agent processes the data.
Audit Metadata