wiki-status
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is instructed to read the .env file located at the vault root to obtain configuration paths. This file is a standard location for sensitive information, including API keys, tokens, and other credentials.\n- [DATA_EXFILTRATION]: The skill accesses sensitive local directories including ~/.claude/projects/ and ~/.codex/. These locations typically contain private conversation history, session rollouts, and transcripts which are exposed to the agent for processing and summary generation.\n- [COMMAND_EXECUTION]: The skill performs extensive file system operations, including recursive globbing of user home directories and reading the content of all Markdown files within the Obsidian vault to generate reports and structural insights.\n- [PROMPT_INJECTION]: The skill reads and processes untrusted content from all Markdown files in the vault to extract structural data, wikilinks, and metadata.\n
- Ingestion points: All .md files within the vault, .env, and .manifest.json.\n
- Boundary markers: None identified; the skill reads file content directly.\n
- Capability inventory: File system reading, globbing, and file writing (writing _insights.md and logging to log.md).\n
- Sanitization: No explicit sanitization or validation of the ingested content is described in the logic.
Audit Metadata