Knowledge Manager Workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (LOW): The skill contains strong imperative language (e.g., 'MANDATORY WORKFLOW
- 절대 건너뛰지 마세요!', '⚠️ This step must not be skipped!') designed to override the agent's default decision-making process and enforce a rigid sequence.
- COMMAND_EXECUTION (LOW): The skill defines logic for executing MCP (Model Context Protocol) tools such as 'mcp_obsidian_search_vault' and 'mcp_obsidian_create_note' to interact with the local filesystem and knowledge bases.
- DATA_EXFILTRATION (LOW): The skill accesses local configuration files ('km-config.json') and reads content from personal Obsidian vaults. While no malicious external transmission is detected, this capability combined with the ingestion of untrusted data represents a potential exposure surface.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Analysis: (1) Ingestion points: External URLs (Threads, Instagram, Web) and local files (PDF, DOCX) are extracted in Phase 1 and 2 (SKILL.md). (2) Boundary markers: Absent; extracted content is processed without delimiters or warnings to ignore embedded instructions. (3) Capability inventory: The skill utilizes search, read, and write capabilities via Obsidian MCP tools (SKILL.md). (4) Sanitization: No sanitization or validation of external content is specified before it is analyzed or saved to the knowledge base.
Audit Metadata