skills/ar9av/obsidian-wiki/wiki-lint/Gen Agent Trust Hub

wiki-lint

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard shell utilities including grep, sort, comm, and wc to analyze the vault's structure. In the 'Synthesis Gaps' check, concept names derived from note titles are interpolated into a shell command string. While this is a functional requirement for the audit, it represents a potential command injection surface if note titles contain shell metacharacters.
  • [PROMPT_INJECTION]: The skill processes the entire content of a user's markdown vault, which introduces an indirect prompt injection surface. Malicious instructions embedded in a note could attempt to influence the agent's behavior during the 'lint' or 'fix' phases.
  • Ingestion points: All .md files located in the OBSIDIAN_VAULT_PATH and the index.md/log.md files.
  • Boundary markers: None provided to distinguish between the agent's instructions and the content of the notes being analyzed.
  • Capability inventory: File system writes (updating frontmatter, moving files), shell command execution via grep and bash.
  • Sanitization: No specific sanitization logic is mentioned for handling note content before processing or interpolation into commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:03 AM
Security Audit — agent-trust-hub — wiki-lint