note-to-blog
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- DATA_EXFILTRATION (HIGH): The skill accesses highly sensitive files at
~/.claude/history.jsonland Claude project session data in~/.claude/projects/. These files contain logs of user interactions which may include private data or credentials. This access is utilized for the skill's primary purpose of generating relevant blog topic recommendations based on recent activity, which justifies a one-level downgrade of the final verdict to MEDIUM. - PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection via notes in the user's Obsidian vault.
- Ingestion points: Obsidian notes are read via
note_repoand incorporated into LLM prompts. - Boundary markers: Notes are placed in standard markdown code blocks in the scoring prompt without explicit instructions to ignore embedded commands.
- Capability inventory: The skill can execute Python scripts and write files to the blog repository.
- Sanitization: No sanitization or validation is performed on note content before processing.
- COMMAND_EXECUTION (LOW): The skill executes the local Python script
scripts/note-to-blog.pyto perform collection and conversion tasks. - EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the
pyyamlPython package and suggests adding the externalwriting-proofreadingskill vianpx.
Audit Metadata