cross-linker

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate file system operations to scan and modify a local Obsidian vault. It adheres to the retrieval primitives of the framework by minimizing full-file reads where possible during the initial registry phase.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from user-created markdown files.
  • Ingestion points: Full content of markdown files is read during the unlinked-mention detection pass in Step 2.
  • Boundary markers: The instructions do not specify the use of boundary markers or instructions to ignore embedded commands within the wiki pages.
  • Capability inventory: The skill has file-write capabilities, allowing it to modify page content, update YAML frontmatter, and write to log files (Step 4, Step 7).
  • Sanitization: No explicit sanitization or validation of ingested markdown content is performed before the agent uses it to infer relationship types or generate reports. However, since this is the primary function of the tool and operates locally, the risk is considered low.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:37 PM
Security Audit — agent-trust-hub — cross-linker