docs-knowledge-graph
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it processes content from markdown files within an Obsidian vault. Malicious instructions hidden in these files could potentially hijack the agent's logic during the knowledge graph construction process.\n- Ingestion points: Scans all files in the 'z/' directory of the current Obsidian vault via the 'Glob' and 'Read' tools.\n- Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to isolate untrusted file content from the agent's instructions.\n- Capability inventory: The skill uses 'Read', 'Glob', 'Task', and 'TodoWrite' tools. While restricted, indirect injection could still lead to unwanted 'Task' creation or manipulation of the 'memory-keeper' agent.\n- Sanitization: The instructions do not specify any sanitization, escaping, or validation of the documentation content before it is processed and summarized by the agent.
Audit Metadata