create-note
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Data Exposure (MEDIUM): The skill contains a hardcoded absolute file path /Users/lshsa2/obsidian-vault in SKILL.md. This exposes specific local system usernames and directory structures.
- Command Execution (HIGH): The 'Process' section specifies running an external command 'format-note' against the imported file. This tool is not defined within the skill, representing an unverifiable dependency that operates on untrusted user-provided content.
- Indirect Prompt Injection (HIGH): This skill exhibits a significant vulnerability surface for indirect prompt injection.
  * Ingestion points: The file at <source_markdown_path> (SKILL.md).
  * Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore instructions embedded within the source markdown.
  * Capability inventory: Reads local files, writes/copies files to a specific vault, and executes the 'format-note' command (SKILL.md).
  * Sanitization: Absent. The skill provides no validation or escaping of the content read from the source file before it is processed by the formatting tool or written to the filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata