kb-init

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run local Python scripts (detect_lifecycle.py and build_governance_indices.py) to analyze the vault state and generate scaffolding. These scripts are located in a relative path (../obsidian-notes-karpathy/scripts/).
  • [PROMPT_INJECTION]: The skill reads data from local configuration files and templates to guide its execution, which represents an indirect prompt injection surface.
      • Ingestion points: File reads from ../obsidian-notes-karpathy/scripts/skill-contract-registry.json and various templates in ../obsidian-notes-karpathy/references/.
      • Boundary markers: Absent.
      • Capability inventory: File system write operations and execution of local scripts (detect_lifecycle.py, build_governance_indices.py).
      • Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 08:14 AM
Security Audit — agent-trust-hub — kb-init