cross-linker

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE; PROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE]: The skill accesses local configuration files including .env and ~/.obsidian-wiki/config to resolve the vault path and link format settings. While these are sensitive file paths, their use is consistent with the skill's primary purpose of local wiki management.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from the markdown files it scans to identify potential links.
    • Ingestion points: The skill reads the full content, titles, and frontmatter of all .md files within the provided OBSIDIAN_VAULT_PATH (SKILL.md, Steps 1 and 2).
    • Boundary markers: No explicit delimiters or boundary markers are employed to isolate untrusted file content from the agent's internal instructions.
    • Capability inventory: The skill is granted file-read and file-write capabilities, allowing it to modify existing markdown pages and update vault logs (SKILL.md, Steps 4, 5, and 7).
    • Sanitization: Content is normalized using Unicode NFKD for matching, but there is no evidence of sanitization to prevent the agent from interpreting instructions that might be embedded in the wiki content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 05:48 PM