attachment-janitor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `obsidian delete` and `obsidian rename` commands to perform file management tasks. These operations are restricted to the vault's attachment directory.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and interprets the content of markdown notes to generate filenames.
  - Ingestion points: Processes all markdown (.md) files in the vault to establish a reference map and extract context for renaming.
  - Boundary markers: Does not employ specific delimiters or instructions to ignore potential commands within the note content.
  - Capability inventory: Has the capability to modify the filesystem through deletion and renaming commands.
  - Sanitization: Lacks specific sanitization or validation of the text extracted from notes before using it to generate shell command arguments (filenames).
Audit Metadata