Gen Agent Trust Hub security audit: skills/adeonir/agent-skills/wrap-up

wrap-up

Result: Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses multiple shell commands to manage configuration and repository state. In references/mapping.md, it executes mkdir -p ~/.config/wrap-up and printf to store the Obsidian vault path in a global configuration file. It also uses ln -s to create local directory symlinks and git rev-parse --show-toplevel for project discovery. Furthermore, references/handoff.md executes a git diff command using command substitution ($(git merge-base main HEAD)) to detect structural changes in the repository.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting data from local artifact files. It reads .artifacts/.handoff.md (specifically the 'Findings', 'Decisions', and 'Blockers' sections) and incorporates this content into notes written to the Obsidian vault. Malicious instructions or data embedded in these artifacts could influence the agent's output during the note-generation phase.
    ◦ Ingestion points: Reads content from .artifacts/.handoff.md (handoff.md), wrap-up.yml (mapping.md), and existing Obsidian notes (obsidian-notes.md).
    ◦ Boundary markers: The skill relies on Markdown headers as delimiters but does not instruct the agent to ignore or sanitize instructions embedded within the ingested text.
    ◦ Capability inventory: The skill can execute shell commands (git, mkdir, ln, printf), write to configuration files and local artifacts, and interact with the Obsidian vault via MCP tools.
    ◦ Sanitization: There is no evidence that the ingested Markdown content is validated or escaped before it is processed or written to new files.
  • [PROMPT_INJECTION]: The skill includes instructions that direct the agent to bypass standard user review patterns. Both SKILL.md and references/obsidian-notes.md explicitly command the agent to execute all note-writing steps without providing previews or asking for confirmation. This design, intended to provide a seamless automation experience, reduces user oversight of the agent's file system and MCP operations.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 06:44 PM
Security Audit — agent-trust-hub — wrap-up