project-to-obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external project directories.
- Ingestion points: The skill uses
GlobandReadtools to ingest project files (source code, configuration, documentation) during PHASE 1 and PHASE 2 inSKILL.md. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined when the agent processes the ingested content.
- Capability inventory: The agent has access to
Bash,Write, andobsidian_append_content(MCP) tools, which could be abused if the agent follows malicious instructions hidden in the analyzed files. - Sanitization: There is no evidence of content sanitization or validation before the agent analyzes and summarizes the project files.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to perform project scanning and directory structure identification. - Evidence:
SKILL.mdexplicitly mentions using "Bash ls/find" in PHASE 1. While intended for legitimate metadata gathering, the use of shell commands on user-provided project paths introduces a potential attack surface. - [DATA_EXFILTRATION]: The skill accesses potentially sensitive configuration files during its scanning process.
- Evidence: PHASE 1 in
SKILL.mddefines glob patterns that include**/.env*and**/config.*. While the intent is to document project configuration, reading these files could lead to the accidental exposure of hardcoded secrets or environment variables in the generated documentation.
Audit Metadata