skills/augmentableai/tpsreport-obsidian-sync/KB Lifecycle Manager (TPSReport / Obsidian)/Gen Agent Trust Hub
KB Lifecycle Manager (TPSReport / Obsidian)
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script, `kb_lint.py`, to perform deterministic validation of Markdown frontmatter.
  - The script uses `yaml.safe_load` to prevent code injection during YAML parsing.
  - Execution is scoped to the user-specified knowledge base folder to prevent unauthorized scanning of unrelated directories.
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of `pyyaml` from the official Python package registry (PyPI). This is a standard, reputable library required for the functionality of the provided linter script.
- [PROMPT_INJECTION]: Static analysis identified potential concealment instructions; however, manual review confirms these are benign quality-control guidelines. For example, instructions to not report a task as complete if validation errors persist are standard operational requirements rather than attempts to hide malicious activity.
- [SAFE]: The skill incorporates several security-positive patterns, including explicit instructions to obtain human approval before any destructive operations (like syncing or pushing data) and clear documentation of its data schema and validation rules.
Audit Metadata