doc-vault-save
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill generates shell commands to interact with the Obsidian vault via notesmd-cli and qmd. It includes specific sanitization instructions (e.g., kebab-case, lowercase, no special characters) for user-provided inputs such as note names and folder paths, which significantly mitigates the risk of command injection.
- [DATA_EXFILTRATION]: The skill reads existing vault notes to perform deduplication and link generation, but it contains no network-capable commands (e.g., curl, wget) or external data transmission logic.
- [PROMPT_INJECTION]: Instructions regarding user overrides for content types and folders are presented as standard functional features within the workflow and do not attempt to bypass agent safety filters or override core instructions.
- [EXTERNAL_DOWNLOADS]: The skill does not download external scripts or packages; it relies entirely on pre-installed prerequisite CLI tools specified in the documentation.
Audit Metadata