wiki-update

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is instructed to search for and read .env files by traversing the directory tree (walking up the directory from the CWD) to resolve its own configuration parameters, such as the vault path. Since .env files are commonly used to store sensitive application secrets and credentials, this behavior could result in the unintended access or processing of secrets in the project environment.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands, specifically git log, to analyze changes in the project history between sync sessions.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting and processing untrusted data from the project directory, including README files, source code, and git commit messages. It lacks specific boundary markers or sanitization logic to prevent malicious content within these files from influencing the AI agent's distillation and summarization tasks. Ingestion points: README.md, package.json, project source code, .claude/ memory files, and git log output. Boundary markers: Absent. Capability inventory: Reading local files and writing/updating files in the local Obsidian vault directory. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 12:14 AM
Security Audit — agent-trust-hub — wiki-update