harvest
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the SKILL.md and reference templates confirms no presence of malicious logic, obfuscation techniques, or unauthorized system access. The skill manages local project memory through Markdown file operations.- [PROMPT_INJECTION]: The skill processes user-controlled data from files like task_plan.md and progress.md, presenting a surface for indirect prompt injection. This is mitigated by: 1) Ingestion points: Restricted to task_plan.md, findings.md, and progress.md. 2) Boundary markers: Implementation of 'harvest:exclude' tags to bypass specific content. 3) Capability inventory: Operations are limited to reading and writing documentation in docs/notes. 4) Sanitization: Extraction rules use an allowlist for technical outcomes and validate content against predefined templates. Given the primary purpose is documentation harvesting, this surface is considered safe.- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations (creation and appending of notes). These operations are bound to specific paths within the docs/notes directory and use standard Obsidian-compatible Markdown patterns. No dangerous shell command injection or arbitrary execution patterns were detected.
Audit Metadata