vault-skill-factory
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local system commands and specialized CLI tools including
grep,glob,qmd, andvsearchto identify and cluster related documentation within the user's vault. It additionally invokes local Python scripts (improve_description.py,package_skill.py,quick_validate.py) found in the repository's internal.skills/directory to refine and validate the generated artifacts. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it distills content from untrusted, user-provided wiki pages into instructions for a new skill.
- Ingestion points: Reads markdown content from the local directory defined by
OBSIDIAN_VAULT_PATH(SKILL.md). - Boundary markers: No security-focused delimiters or escape sequences are used to isolate ingested wiki text from the instructions generated for the new
SKILL.mdfile. - Capability inventory: The factory performs file system write operations to
SKILL_FACTORY_OUTPUT_DIRand executes local Python-based utility scripts (SKILL.md). - Sanitization: The skill lacks logic to filter or sanitize instructions embedded within vault notes, though it preserves provenance markers (
^[inferred]) for factual traceability.
Audit Metadata