wiki-export
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's operations are confined to the local environment, reading markdown notes from the vault and writing the resulting graph data to a local
wiki-export/directory, which is consistent with its stated purpose. - [EXTERNAL_DOWNLOADS]: The generated
graph.htmlfile includes a reference to thevis-networklibrary hosted onunpkg.com. This is a well-known and trusted Content Delivery Network (CDN) for web assets. - [PROMPT_INJECTION]: The skill ingests untrusted data from the user's vault to generate the export files, creating a surface for indirect prompt injection.
- Ingestion points: All
.mdfiles in the Obsidian vault (Step 1). - Boundary markers: Absent; data is extracted using regular expressions from note content and frontmatter.
- Capability inventory: Reading local markdown files and writing to the local filesystem (graph.json, graph.graphml, cypher.txt, graph.html).
- Sanitization: None; extracted fields like the
summaryfrom frontmatter are interpolated directly into the HTML'sinnerHTML. This could lead to a stored XSS vulnerability in the generatedgraph.htmlartifact if a note contains malicious script content.
Audit Metadata