external-sync
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill leverages Model Context Protocol (MCP) tools to interact with external services like Notion to fetch content for synchronization.
- [COMMAND_EXECUTION]: The skill uses local file system tools (Grep, Glob, Read) to inspect the Obsidian vault and identify relevant topics for synchronization.
- [PROMPT_INJECTION]: The process of fetching and summarizing external articles introduces a risk of indirect prompt injection.
  - Ingestion points: External content is fetched from remote APIs in SKILL.md.
  - Boundary markers: No explicit delimiters are used in the prompt for external data.
  - Capability inventory: The skill possesses Write, Edit, and Task tools as defined in SKILL.md.
  - Sanitization: The 'Preview and Confirm' step acts as a critical mitigation by requiring user approval before any file system changes occur.
Audit Metadata