data-ingest

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains defensive instructions specifically designed to prevent the agent from following commands embedded in source data. It explicitly lists common injection patterns (like 'ignore previous instructions') as examples of text to be ignored, which triggered a false positive in static analysis.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted external data (chat logs, exports, transcripts). While this creates an attack surface, the author has mitigated this risk by including a 'Content Trust Boundary' section with clear rules for the agent to treat input as data, not instructions.
  • Ingestion points: Arbitrary files specified by the user (JSON, CSV, logs, images).
  • Boundary markers: Explicit 'Content Trust Boundary' section instructing the agent to ignore embedded commands.
  • Capability inventory: File reading and writing within the Obsidian vault. No network or subprocess capabilities identified.
  • Sanitization: Relies on LLM instruction-following rather than programmatic sanitization.
  • [COMMAND_EXECUTION]: No dangerous command execution or subprocess spawning was identified.
  • [DATA_EXFILTRATION]: No network activity or exfiltration patterns were detected. The skill operates within the local vault environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:29 AM
Security Audit — agent-trust-hub — data-ingest