wiki-dashboard

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow that reads user-provided vault files, creating an indirect prompt injection surface where malicious note content could influence agent behavior.\n
  • Ingestion points: The skill explicitly instructs the agent to read $OBSIDIAN_VAULT_PATH/index.md in Step 2 to determine the vault's category and page structure.\n
  • Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores embedded instructions within the ingested index file.\n
  • Capability inventory: The skill possesses the capability to write new configuration and query files (.base and .md) to the vault's _meta/ directory based on the ingested data.\n
  • Sanitization: No sanitization, validation, or escaping of the content read from the vault index is performed before the agent processes the data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:38 PM
Security Audit — agent-trust-hub — wiki-dashboard