periodic-rollup
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it ingests content from vault notes during history and periodic rollups.
- Ingestion points: Note content is retrieved from the '01-Days' and '03-Records' folders via 'rg' and 'obsidian-cli'.
- Boundary markers: Absent; the skill lacks delimiters or 'ignore embedded instructions' warnings for processed data.
- Capability inventory: Includes file creation ('obsidian-cli create') and file reading ('obsidian-cli search-content').
- Sanitization: Absent; there is no logic to escape or validate content before it is processed by the AI or used in commands.
- [COMMAND_EXECUTION] (LOW): The skill utilizes local shell commands ('rg', 'obsidian-cli') for its core functionality. While appropriate for the use case, this constitutes a local command execution surface.
Audit Metadata