obsidian-exporter
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external JSON files and interpolates it into a Markdown template without sanitization. This creates a surface where malicious instructions in the source data could influence the agent during processing.\n
- Ingestion points: Reads from user-provided paths such as
output/generated_topics/*.json.\n - Boundary markers: Absent; the logic does not define delimiters to isolate external content from instructions.\n
- Capability inventory: File system write access to create directories and save Markdown files in the Obsidian vault.\n
- Sanitization: Absent; the SOP does not specify validation or escaping of the input JSON content.\n- [File System Access] (SAFE): The skill is designed to read from and write to the local filesystem. This behavior is consistent with its primary purpose of managing a knowledge base.
Audit Metadata