wiki-synthesize

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using grep to scan the vault and count how often concepts appear together. This involves dynamic command construction where concept names and file paths are used as arguments, which can be a risk if these values are derived from untrusted content.
  • [PROMPT_INJECTION]: The skill processes all markdown files within the user's Obsidian vault to build a co-occurrence map, creating a potential surface for indirect prompt injection if a note contains malicious instructions. * Ingestion points: Reads every non-special markdown page in the vault as specified in Step 1 of the skill. * Boundary markers: No explicit markers or delimiters are defined to isolate or ignore instructions that might be embedded within the notes being scanned. * Capability inventory: The skill can execute shell commands (grep), create new files in the synthesis/ directory, and modify or append to existing files like index.md, log.md, and hot.md. * Sanitization: Extracted data from notes (such as links, tags, and categories) is used directly to build the co-occurrence matrix and generate new synthesis content without specific sanitization or validation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:38 PM
Security Audit — agent-trust-hub — wiki-synthesize