Skills
skills/marclelamy/skills/obsidian-vault/Gen Agent Trust Hub

obsidian-vault

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides shell snippets using find and grep that incorporate user-provided keywords. If the agent interpolates these keywords directly into the shell without escaping, it could lead to command injection (e.g., using a keyword containing ; or &&).
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external Markdown files into the agent's context, creating an indirect prompt injection surface.
  • Ingestion points: Local files searched/read from /mnt/d/Obsidian Vault/AI Research/.
  • Boundary markers: None specified to delimit retrieved note content from instructions.
  • Capability inventory: Shell command execution (bash) for searching and managing files.
  • Sanitization: No sanitization or validation of note content is described before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 09:53 PM