knowledge-sync
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected within the vault-to-skill synchronization process. Ingestion points: Data is ingested from external Markdown files located in the 'Second Brain' directory using search and read operations. Boundary markers: No delimiters or 'ignore' instructions are used to isolate ingested pattern text from the agent's primary instructions. Capability inventory: The skill can modify other
SKILL.mdfiles and executesobsidianCLI commands to interact with the filesystem. Sanitization: No validation or sanitization of the proposed pattern content is performed before presentation for approval. - [COMMAND_EXECUTION]: The skill executes local commands using the
obsidianCLI tool to search, read, and append data within the local vault and updates agent behavior by modifyingSKILL.mdinstruction files.
Audit Metadata