link-check
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Injection (HIGH): The skill executes a Grep command using {vault} and {folder} parameters without apparent sanitization. A malicious user or agent could inject shell commands via these variables to achieve arbitrary code execution.
- Indirect Prompt Injection (HIGH):
  1. Ingestion points: Reads all .md files in the vault via Grep (SKILL.md).
  2. Boundary markers: Absent; link targets are parsed directly from file content without delimiters.
  3. Capability inventory: Executes shell commands (Grep) and generates actionable recommendations based on note content.
  4. Sanitization: None.
  Risk: Content within vault files could be crafted to manipulate the agent's reasoning or the resulting report recommendations, potentially leading to destructive actions if the agent has write access.
- Data Exposure (LOW): The skill accesses all file content within the specified directory. While functionally necessary for link checking, it exposes the entire private knowledge base to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata