wiki-agent
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local directories containing AI agent histories (such as ~/.claude, ~/.codex, ~/.hermes, ~/.openclaw, and ~/.copilot) to extract conversation data.
- [DATA_EXFILTRATION]: The skill reads from .env files and ~/.obsidian-wiki/config to resolve custom history paths and vault locations, which may contain sensitive configuration data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core ingestion mechanism. It processes raw conversation history from multiple external agents without explicit sanitization or the use of boundary markers.
  - Ingestion points: Raw history files in JSONL, JSON, and Markdown formats across multiple agent directories (e.g., ~/.claude/projects/*/*.jsonl).
  - Boundary markers: None identified in the instruction set.
  - Capability inventory: Extensive file system read access across user home directories and write access to the specified Obsidian vault.
  - Sanitization: No evidence of content filtering or instruction scrubbing during the distillation process.
Audit Metadata