hydrate
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill reads external data from markdown files in an Obsidian vault, which could contain instructions that influence agent behavior.
- Ingestion points: Multiple files including 'Areas/AI/Context/Current State.md', 'Areas/AI/Context/Decision Register.md', and various memory/session logs.
- Boundary markers: Absent. The skill does not use specific delimiters to isolate the ingested data from the agent's instructions.
- Capability inventory: The skill defines read-only operations using 'Grep' and 'Glob' tools.
- Sanitization: Absent. There is no validation or filtering of the file content before it is processed by the agent.
Audit Metadata