obsidian-options

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process unstructured user input and content from external web sources during its research phases (Phase 2 and 3). This creates an attack surface for indirect prompt injection, where malicious instructions hidden on web pages could attempt to subvert the agent's logic.
      ◦ Ingestion points: The agent ingests untrusted data from the broad web research and user-provided task notes (SKILL.md, Phase 1 & 2).
      ◦ Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted web content from the agent's core instructions.
      ◦ Capability inventory: The agent has the capability to write markdown files to the /resources directory and append comments to existing task notes (SKILL.md, Phase 5).
      ◦ Sanitization: No explicit sanitization or filtering of external content is mentioned before it is synthesized into reports.
      ◦ Contextual Mitigation: Since the primary purpose of the skill is research and its write-actions are restricted to generating reports or appending activity logs, the risk associated with this surface is considered low and inherent to the tool's functionality.
  • [DATA_EXFILTRATION]: While the skill performs web research (outbound network activity), it does not access sensitive system files (e.g., SSH keys, AWS credentials) or perform unauthorized data transmissions. Its file access is limited to the skill's own templates and the designated output directory.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 11:02 AM