ask
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a Retrieval-Augmented Generation (RAG) pattern, searching through local directories such as
decisions/,blockers/, anddocs/to answer user questions. - [EXTERNAL_DOWNLOADS]: The documentation includes a reference to an external GitHub repository (
github.com/tobi/qmd) as a recommendation for users to enhance search capabilities. The skill does not attempt to automate the download or execution of this software. - [PROMPT_INJECTION]: The skill ingests data from local vault files which could theoretically contain instructions intended to influence the agent's response (indirect prompt injection). This is an inherent risk for search-based skills, and the impact is limited by the skill's restricted tool access (Read, Glob, Grep) and focused task scope.
- [COMMAND_EXECUTION]: While the skill mentions using 'Grep', it is listed as an allowed platform tool rather than an arbitrary shell command execution, which aligns with standard security sandboxing practices.
Audit Metadata