sync-github-to-obsidian
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard bash utilities (
ls,mkdir,find,cp) to manage local documentation files. These commands are consistent with the stated purpose of the skill. - [DATA_EXFILTRATION] (SAFE): No network operations or external data transfer mechanisms (like
curlorwget) were identified. Data movement is restricted to the local filesystem. - [CREDENTIALS_UNSAFE] (SAFE): While the skill contains a hardcoded absolute path (
/Users/danieltang/GitHub), this is an identity exposure (PII) rather than a credential or secret leak. - [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface because it reads and processes the content of markdown files originating from external repositories.
- Ingestion points: Any
.mdfile located within the/Users/danieltang/GitHubdirectory structure. - Boundary markers: None are implemented; the agent processes file content directly.
- Capability inventory: The skill can list directories, create folders, and copy files locally.
- Sanitization: No sanitization or content filtering is performed on the files before processing.
Audit Metadata