kb-compile

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script ../obsidian-notes-karpathy/scripts/scan_compile_delta.py to identify changes in the raw data directory. This is a standard part of the incremental compilation workflow.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from markdown and PDF files located in raw/ subdirectories. An attacker could embed instructions in these files to influence the summarization or classification behavior.
  • Ingestion points: Reads markdown and PDF content from raw/human/**, raw/agents/{role}/**, raw/*.md, and raw/**/papers/*.pdf.
  • Boundary markers: The instructions do not define explicit delimiters or warnings for the agent to ignore embedded instructions within the raw content.
  • Capability inventory: The skill has the ability to write files to wiki/drafts/ and wiki/log.md, and execute the local scan_compile_delta.py script.
  • Sanitization: There is no explicit sanitization step, but the skill requires clear separation between source claims and compiler inferences in the output, which provides some structural mitigation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 14, 2026, 08:14 AM