format-note
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates a high-risk surface for indirect prompt injection by reading untrusted user content and performing subsequent write operations.
- Ingestion points: Step 1 reads existing notes from the
/Users/lshsa2/obsidian-vault/unpublished/directory. - Boundary markers: Absent. The agent is instructed to 'Analyse content' to determine tags, providing an opportunity for malicious instructions within the note to influence the agent.
- Capability inventory: The agent has the capability to read files and write/modify files (updating frontmatter in Step 3 and appending links to daily notes in Step 5).
- Sanitization: None. The agent uses the analyzed content directly to determine metadata and descriptions.
- [DATA_EXPOSURE] (LOW): The skill exposes a specific local file system path (
/Users/lshsa2/obsidian-vault) in its configuration, revealing user-specific environment details.
Recommendations
- AI detected serious security threats
Audit Metadata