graph-builder
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill processes untrusted content from the user's Obsidian vault to identify note titles and suggest links. While this represents an attack surface for indirect prompt injection if the vault contains malicious notes, the implementation is safe.
  - Ingestion points: `scripts/add_links.py` (lines 81, 114) and `scripts/analyze.py` (line 52) read markdown files from the filesystem.
  - Boundary markers: Not present; the scripts read raw file content for regex matching.
  - Capability inventory: `scripts/add_links.py` (line 138) can write to markdown files within the vault.
  - Sanitization: The scripts use regex escaping (`re.escape`) when searching for note titles and restrict HTML output for messaging platforms to a minimal set of safe tags (, , ).
- Command Execution (SAFE): The skill uses Python's standard library for file operations. It does not invoke shell commands, spawn subprocesses, or use dynamic execution functions like `eval()` or `exec()`.
- Data Exfiltration (SAFE): No network operations were detected. All file access is localized to the provided vault directory path.
- Credentials (SAFE): No hardcoded API keys, tokens, or credentials were found in the scripts or metadata.
Audit Metadata