obsidian-prd
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its repository exploration phase.
- Ingestion points: As described in Phase 2 of
SKILL.md, the agent is instructed to explore the user's repository to identify modules and verify assertions. - Boundary markers: The skill lacks explicit instructions or delimiters to treat repository content as untrusted data or to ignore instructions found within the repository files.
- Capability inventory: The agent has the capability to read repository files and write markdown files to a user-provided vault path on the local file system as defined in Phase 5 of
SKILL.md. - Sanitization: There are no mechanisms specified to sanitize or validate the content read from the repository before it influences the agent's PRD generation process.
Audit Metadata