idea
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill interacts with a local Obsidian vault through MCP tools. No network operations or external data transfers were detected. Sensitive file access is restricted to the user-defined vault.
- [Prompt Injection] (SAFE): The instructions are focused on structured note-taking and do not contain any bypass markers or attempts to override system safety protocols.
- [Indirect Prompt Injection] (LOW): As a note-taking skill that both reads from and writes to a local database (the vault), there is an inherent surface for indirect prompt injection. A user could store a malicious instruction in a note that the agent later processes.
- Ingestion points: User-provided idea descriptions are stored in Markdown files.
- Boundary markers: The templates do not use specific delimiters to isolate user-generated content from agent instructions during retrieval.
- Capability inventory: The skill uses
obsidian_get_file_contents(read),obsidian_append_content(write), andobsidian_delete_file(delete). - Sanitization: Filenames are sanitized via slug generation, but note content is stored as-is without escaping.
- [Command Execution] (SAFE): File operations are performed through specialized MCP tools rather than raw shell commands, significantly reducing the risk of arbitrary command execution.
Audit Metadata