wiki-dashboard
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow that reads user-provided vault files, creating an indirect prompt injection surface where malicious note content could influence agent behavior.\n
- Ingestion points: The skill explicitly instructs the agent to read
$OBSIDIAN_VAULT_PATH/index.mdin Step 2 to determine the vault's category and page structure.\n - Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores embedded instructions within the ingested index file.\n
- Capability inventory: The skill possesses the capability to write new configuration and query files (
.baseand.md) to the vault's_meta/directory based on the ingested data.\n - Sanitization: No sanitization, validation, or escaping of the content read from the vault index is performed before the agent processes the data.
Audit Metadata