conversation-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface where untrusted data (conversation history) is ingested and used to generate files on the local disk. 1. Ingestion points: The skill reads conversation history (SKILL.md). 2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the extracted history are present. 3. Capability inventory: The skill writes notes to a hardcoded local directory (E:\OBData\ObsidianDatas\0收集箱日清). 4. Sanitization: There is no evidence of sanitization or escaping of the conversation content before it is written to the file system.
- [Data Exposure & Exfiltration] (SAFE): No malicious data exfiltration or unauthorized file access patterns were detected. The file operations are confined to the user-specified directory for note storage.
Audit Metadata