obsidian-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill interpolates untrusted user input directly into file system paths, creating a potential path traversal vulnerability.
  - Ingestion points: SKILL.md task and PRD creation workflows.
  - Boundary markers: Absent; there are no delimiters to separate user data from filesystem commands.
  - Capability inventory: Direct file-write access to the local filesystem.
  - Sanitization: Absent; the skill does not instruct the agent to sanitize user-provided titles for path-manipulation characters.
- [NO_CODE]: The skill is composed entirely of markdown instructions and YAML configuration without any executable code or external scripts.
Audit Metadata