obsidian-clipper-template-creator
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to fetch and analyze content from user-provided URLs using the WebFetch tool or DOM snapshots as described in SKILL.md and references/analysis-workflow.md. This external, untrusted content is processed by the agent without explicit sanitization or boundary markers to prevent embedded instructions from influencing behavior.
- Ingestion points: Page content retrieved via WebFetch or DOM snapshots.
- Boundary markers: Absent; the agent is not instructed to disregard potential instructions within the fetched HTML or Schema.org data.
- Capability inventory: The agent can perform network reads (WebFetch) and local file reads (Bases/*.base).
- Sanitization: There is no evidence of sanitization or filtering of the fetched external content before it is analyzed by the agent.
- [DATA_EXFILTRATION]: Local File and Network Access. The skill involves reading local files and performing network requests.
- File Access: The agent reads schema definition files from 'Bases/*.base' to structure the templates (references/bases-workflow.md).
- Network Access: The agent uses WebFetch to retrieve content from external URLs provided by the user (SKILL.md, references/analysis-workflow.md).
Audit Metadata