doc-daily-digest
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various CLI tools to manage vault data and system state, including `notesmd-cli` for vault CRUD operations and `qmd` for indexing. It also executes a local script `x_fetch.py` located at `~/.claude/skills/res-x/scripts/` to process social media URLs.
- [DATA_EXFILTRATION]: The skill accesses sensitive local data by querying the macOS keychain. Specifically, it executes `security find-generic-password -s "xai-api" -w ~/Library/Keychains/claude-keys.keychain-db` to retrieve the xAI API key for content fetching purposes.
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the well-known `scrapling` package from PyPI using `uv tool install 'scrapling[all]'` to provide advanced web scraping capabilities.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting and processing untrusted external data.
  - Ingestion points: Raw URLs and fetched content from X, GitHub, and general web pages are parsed and passed to extraction prompts (SKILL.md).
  - Boundary markers: Absent. There are no delimiters or instructions used to isolate the fetched external content from the agent's instructions.
  - Capability inventory: The skill has file-write capabilities via `notesmd-cli create` and command execution capabilities via `qmd` and `x_fetch.py` (SKILL.md).
  - Sanitization: Absent. Content from external URLs is used to generate note titles, summaries, and key points that are written directly to the Obsidian vault.
Audit Metadata