wiki-export

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's operations are confined to the local environment, reading markdown notes from the vault and writing the resulting graph data to a local wiki-export/ directory, which is consistent with its stated purpose.
  • [EXTERNAL_DOWNLOADS]: The generated graph.html file includes a reference to the vis-network library hosted on unpkg.com. This is a well-known and trusted Content Delivery Network (CDN) for web assets.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the user's vault to generate the export files, creating a surface for indirect prompt injection.
  • Ingestion points: All .md files in the Obsidian vault (Step 1).
  • Boundary markers: Absent; data is extracted using regular expressions from note content and frontmatter.
  • Capability inventory: Reading local markdown files and writing to the local filesystem (graph.json, graph.graphml, cypher.txt, graph.html).
  • Sanitization: None; extracted fields like the summary from frontmatter are interpolated directly into the HTML's innerHTML. This could lead to a stored XSS vulnerability in the generated graph.html artifact if a note contains malicious script content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 09:00 PM
Security Audit — agent-trust-hub — wiki-export