create-topic-note
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill exhibits a surface for indirect prompt injection by processing untrusted content from the user's vault and using it to influence file-write operations.
- Ingestion points: SKILL.md (Step 1: Read the provided notes) reads note frontmatter and content to synthesize summaries.
- Boundary markers: Absent. There are no delimiters or specific instructions for the agent to ignore embedded commands within the notes being read.
- Capability inventory: SKILL.md (Steps 3 and 4) has the capability to create new markdown files and modify the metadata of existing files.
- Sanitization: Absent. The skill does not describe any methods for escaping or validating the content extracted from source notes before writing it to new files.
Audit Metadata