project-to-obsidian

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads and processes untrusted content from the target project directory.
  • Ingestion points: Any file within the path provided to the /p2o command (e.g., source code files, READMEs, config files).
  • Boundary markers: No specific delimiters or "ignore instructions" wrappers are used in the templates or described in the README to separate analyzed code from agent instructions.
  • Capability inventory: The skill utilizes Bash, Read, and Write tools, providing a significant surface for exploitation if an injection is successful (e.g., an attacker could place instructions in a code comment to delete files or write backdoors).
  • Sanitization: No evidence of input sanitization or validation of the content being read from the project files.
  • [COMMAND_EXECUTION] (LOW): The skill requests the Bash tool in its dependencies to perform project analysis and directory structure mapping. While a common requirement for project analysis tools, it grants the agent broad capabilities that could be abused if the agent is tricked by malicious project content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:27 PM