think
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Command Execution (HIGH): The skill uses the `!date` pattern. In many agent-skill runtimes and templating engines, this syntax triggers shell command execution. This allows for arbitrary command execution if the platform interprets these tags without strict sanitization.
- Data Exposure (MEDIUM): The skill references a template at `@~/.config/opencode/templates/thinking-session.md`. Accessing the `~/.config` directory is a sensitive operation as it often contains application secrets, tokens, and configuration data.
- Indirect Prompt Injection (HIGH): The skill takes arbitrary user input via `$ARGUMENTS` and processes it using a deep thinking protocol that concludes with a file-write operation.
  - Ingestion points: `$ARGUMENTS` variable in `SKILL.md`.
  - Boundary markers: Absent. The user input is directly interpolated at the end of the instructions.
  - Capability inventory: `obsidian_append_content` (file modification/creation), `background_task` (agent orchestration).
  - Sanitization: None detected. Malicious instructions in `$ARGUMENTS` could influence the thinking protocol to exfiltrate data or modify unrelated Obsidian files.
Recommendations
- AI detected serious security threats