zettelkasten
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-authored Markdown notes which creates a surface for indirect prompt injection.
- Ingestion points: Notes are read from the ~/Documents/xiaodazi/zettelkasten/ directory (File: SKILL.md).
- Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions embedded in the note content.
- Capability inventory: The skill utilizes shell-based search (grep) and file system operations to interact with and process the notes.
- Sanitization: No sanitization or validation of the note content is described before the agent processes or searches the files.
- [COMMAND_EXECUTION]: Executes shell commands such as grep to search and retrieve content from the local zettelkasten files.
Audit Metadata