wiki-synthesize
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using
grepto scan the vault and count how often concepts appear together. This involves dynamic command construction where concept names and file paths are used as arguments, which can be a risk if these values are derived from untrusted content. - [PROMPT_INJECTION]: The skill processes all markdown files within the user's Obsidian vault to build a co-occurrence map, creating a potential surface for indirect prompt injection if a note contains malicious instructions. * Ingestion points: Reads every non-special markdown page in the vault as specified in Step 1 of the skill. * Boundary markers: No explicit markers or delimiters are defined to isolate or ignore instructions that might be embedded within the notes being scanned. * Capability inventory: The skill can execute shell commands (
grep), create new files in thesynthesis/directory, and modify or append to existing files likeindex.md,log.md, andhot.md. * Sanitization: Extracted data from notes (such as links, tags, and categories) is used directly to build the co-occurrence matrix and generate new synthesis content without specific sanitization or validation.
Audit Metadata