Skills
skills/tmeister/skills/vault-connect/Gen Agent Trust Hub

vault-connect

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses grep and sed commands to extract wikilinks from local Markdown files. These operations are restricted to the local file system and are necessary for the skill's primary function of link traversal.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes content and filenames from the user's vault, which may contain untrusted data.
  • Ingestion points: Reads the content of notes and file names from the directory ~/Documents/vault-notes.
  • Boundary markers: No explicit delimiters are used to wrap note content or prevent the agent from following instructions embedded within the notes.
  • Capability inventory: The skill can read local files, execute shell commands (grep, sed), and write new files to the vault.
  • Sanitization: There is no evidence of content validation or escaping before data is processed by the AI or passed to shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 12:23 AM