Skills
skills/bahayonghang/obsidian-notes-karpathy/kb-ingest/Gen Agent Trust Hub

kb-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (scan_ingest_delta.py, sync_source_manifest.py) located in a relative path (../obsidian-notes-karpathy/scripts/). This assumes the presence of these scripts in the local environment and expands the skill's execution scope beyond its own directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted raw data.
  • Ingestion points: Reads files from raw/** and CLAUDE.md to populate raw/_manifest.yaml.
  • Boundary markers: Absent. There are no instructions to the agent to disregard potential commands or instructions embedded within the raw source files.
  • Capability inventory: The skill can execute local Python scripts and perform file write operations (raw/_manifest.yaml).
  • Sanitization: Absent. No evidence of content validation or escaping is present before the data is processed or added to the manifest.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 08:14 AM