ideaverse-maintenance

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface (Category 8). The skill is designed to parse and analyze external content (Obsidian vault notes) which may contain malicious instructions.
      • Ingestion points: Reads all markdown files and frontmatter within the user-provided vault path.
      • Boundary markers: Absent. There are no instructions for the agent to ignore or delimit instructions found within the note content.
      • Capability inventory: The agent executes subprocesses (Python scripts) and makes decisions about file archival or deletion based on the results.
      • Sanitization: Absent. No mention of sanitizing or escaping the content read from the vault notes.
  • [COMMAND_EXECUTION] (MEDIUM): The skill invokes multiple Python scripts from a relative local directory. While these scripts are likely part of the skill package, they perform broad file system discovery and suggested modifications, and their implementation details are not provided in the primary skill file for verification.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:27 AM