ai-productivity-column
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Data Exposure] (HIGH): The skill explicitly references and operates on hardcoded absolute file paths within a specific user's home directory (/Users/ugreen/). This exposes local directory structures and specific documents to the agent's context.
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection because it processes content from external Obsidian notes that influences its internal logic and subsequent file operations.
  - Ingestion points: Workflow Step 1 in SKILL.md reads directory listings and planning files from the local filesystem.
  - Boundary markers: Absent. There are no delimiters or specific instructions to the agent to ignore or isolate potentially malicious instructions within the notes it reads.
  - Capability inventory: The skill possesses the capability to create new files and modify existing planning documents (Workflow Steps 5 and 6).
  - Sanitization: Absent. Content read from the external vault is used to drive the agent's writing logic without any validation or escaping.
Recommendations
- AI detected serious security threats