wiki-capture

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted conversation history and saving it to a persistent local knowledge base.
  • Ingestion points: Conversation history is scanned and rewritten in Step 1 and Step 3.
  • Boundary markers: The instructions do not define any delimiters or ignore-instructions for the ingested text.
  • Capability inventory: File system read and write access to the specified OBSIDIAN_VAULT_PATH and update tracking files like index.md and hot.md.
  • Sanitization: The content is rewritten and placed into markdown and YAML templates without explicit escaping or validation of the original conversation data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 08:00 PM
Security Audit — agent-trust-hub — wiki-capture