wiki-research
Fail
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is instructed to read from the .env file as a fallback to retrieve the vault path. Since .env files are high-value targets often containing API keys and other sensitive credentials, this access constitutes a significant security risk.
- [PROMPT_INJECTION]: The skill executes an autonomous research loop that fetches content from arbitrary external URLs, making it vulnerable to indirect prompt injection.
- Ingestion points: Data is ingested from the web via WebFetch and defuddle tool outputs (SKILL.md).
- Boundary markers: The instructions define no delimiters around the processed external data and give no instruction to ignore directives embedded in it.
- Capability inventory: The skill possesses the ability to write to the local filesystem, update manifest files, and modify the index and log files of the Obsidian vault (SKILL.md).
- Sanitization: No validation or sanitization of the fetched external content is performed before it is synthesized and permanently stored in the vault.
Recommendations
- AI detected serious security threats
Audit Metadata