wiki-query
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the agent to read sensitive files such as
~/.obsidian-wiki/configand.envto retrieve configuration paths. These files are high-risk targets as they frequently contain private keys, access tokens, and other sensitive environment variables.\n- [DATA_EXFILTRATION]: User queries and search intent are transmitted to an external service via themcp__qmd__querytool. This involves sending data to the 'QMD' service, which is not a recognized trusted vendor, potentially exposing the user's knowledge base structure and search patterns.\n- [COMMAND_EXECUTION]: The retrieval protocol utilizes theGreputility to perform pattern matching across vault files. While intended for search, arbitrary execution of grep on local file systems can be a vector for unintended data exposure.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted content from the user's wiki and incorporates it into synthesized answers without sanitization or boundary markers.\n - Ingestion points: Page bodies and index files within the user's wiki vault are read and processed during steps 2, 3, and 4.\n
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the synthesis step.\n
- Capability inventory: The skill can perform file reads, execute grep, write to a log file, and make external tool calls.\n
- Sanitization: There is no evidence of sanitization or content validation before the wiki data is processed by the agent.\n- [DATA_EXFILTRATION]: The skill maintains a persistent record of user queries and search metadata by appending them to a local
log.mdfile.
Audit Metadata