log-to-obsidian
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill exhibits a surface for indirect prompt injection by design.
- Ingestion points: The skill explicitly reads and summarizes external 'session' logs and 'git history' (SKILL.md, Step 2).
- Boundary markers: No delimiters or safety instructions are defined to prevent the agent from following commands that might be embedded within the git logs or session data.
- Capability inventory: The skill is designed to write and append content to markdown files within the user's local directory (~/Documents/nls).
- Sanitization: There is no logic provided to sanitize or escape the content retrieved from logs before processing it into the final note.
- Data Exposure & Exfiltration (SAFE): While the skill accesses local document paths, there are no network functions or commands that would facilitate external data transfer.
- Remote Code Execution (SAFE): No external dependencies or script execution patterns were detected.
Audit Metadata