wiki-capture
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted conversation history and saving it to a persistent local knowledge base.
- Ingestion points: Conversation history is scanned and rewritten in Step 1 and Step 3.
- Boundary markers: The instructions do not define any delimiters or ignore-instructions for the ingested text.
- Capability inventory: File system read and write access to the specified OBSIDIAN_VAULT_PATH and update tracking files like index.md and hot.md.
- Sanitization: The content is rewritten and placed into markdown and YAML templates without explicit escaping or validation of the original conversation data.
Audit Metadata