obsidian-generate-vault
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill directs the agent to perform file system and text manipulation operations using raw user input. Evidence: Step 2.3 and 2.4 contain instructions to run 'mkdir -p ' and 'sed -i '' "s/{{VAULT_NAME}}//g" /Home.md' using variables collected from the user. Risk: If the agent does not properly escape these variables, a malicious input containing shell metacharacters (e.g., semicolons, backticks, or pipes) could result in arbitrary code execution.
- Indirect Prompt Injection (LOW): The skill possesses an injection surface as it processes external data. 1. Ingestion points: User input for vault path and name (SKILL.md Step 1). 2. Boundary markers: Absent. 3. Capability inventory: Execution of shell commands (mkdir, cp, sed). 4. Sanitization: Absent in the provided logic.
Audit Metadata