obsidian-save
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The skill grants access to the Bash tool for file creation. Although 'Slugify' instructions are provided for filenames, the lack of strict sanitization for the file content or path construction within a shell environment poses a potential risk of command injection.
- PROMPT_INJECTION (LOW): The skill is subject to Indirect Prompt Injection (Category 8).
  - Ingestion points: It processes the entire conversation history (session context).
  - Boundary markers: No delimiters are used to isolate untrusted session content from the agent's instructions.
  - Capability inventory: The skill can write to the filesystem using Write and Bash tools.
  - Sanitization: Filenames are slugified, but the content being written is not explicitly sanitized against embedded instructions.
Audit Metadata