obsidian

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard system commands such as cat, find, ls, and grep to manage files within the vault. This functionality is expected and appropriate for its stated purpose.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from local markdown files, creating an indirect prompt injection surface. Malicious instructions within a note could potentially influence the agent when that note is read into the context.
    1. Ingestion points: Note content retrieval via cat and grep commands in SKILL.md.
    2. Boundary markers: Content is read directly without delimiters or safety warnings to the agent.
    3. Capability inventory: The skill can read, search, list, and write/append to local files.
    4. Sanitization: No sanitization or content validation is performed on the data retrieved from the vault.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 05:50 PM