wiki-query
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill resolves its configuration by reading .env files and ~/.obsidian-wiki/config. Accessing these files poses a data exposure risk as they frequently contain sensitive credentials, API keys, and system path information.
- [COMMAND_EXECUTION]: The skill executes the qmd CLI tool via shell, interpolating user-provided search terms and question rephrasings into the command line (e.g., in the quality, balanced, and fast search modes). There are no instructions to sanitize or escape these inputs, which could lead to command injection if malicious characters are included in the user's query.
- [PROMPT_INJECTION]: The skill processes untrusted markdown content from the local wiki to synthesize answers. It lacks clear boundary markers to prevent embedded instructions from overriding the agent's behavior. Additionally, it contains instructions to conceal the existence of certain internal pages from the final output, which is a form of output control/suppression.
- Ingestion points: Obsidian vault files (.md), index.md, and hot.md.
- Boundary markers: Absent; the agent is not instructed to use delimiters or ignore instructions within vault content.
- Capability inventory: Uses Grep, Read, and CLI execution (qmd).
- Sanitization: No validation or sanitization is performed on the ingested markdown content before it is processed for synthesis.
- [COMMAND_EXECUTION]: The skill instructs the agent to write to a log.md file to maintain a history of queries and results.
Audit Metadata