obsidian-canvas-creator
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted external data without sufficient protective boundaries.
  - Ingestion points: Found in SKILL.md under 'Core Workflow - Analyze Content' and 'Freeform Content Request', where the agent is instructed to 'Read and understand' and 'Extract' from arbitrary user text or articles.
  - Boundary markers: Absent. The prompt does not specify the use of delimiters (e.g., XML tags or triple quotes) to separate user data from instructions.
  - Capability inventory: The skill's capabilities are limited to data transformation and JSON generation for visualization. No evidence of file-writing, network communication, or code execution tools was found in the provided files.
  - Sanitization: Absent. There are no instructions to the agent to ignore or filter embedded commands within the source text, only rules regarding JSON quote escaping.
- NO_CODE (SAFE): The skill consists entirely of Markdown and text descriptions. No executable scripts (Python, JavaScript, etc.) or configuration files for package managers were detected in the skill package.
Audit Metadata