ai-reindex
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the Obsidian vault. It uses
test -dfor path verification and a sequence ofgitcommands (add,commit,push) to synchronize changes. These commands operate on a directory path that can be provided by the user. - [DATA_EXFILTRATION]: The skill performs a
git pushoperation from the vault root. This action transmits local data (specifically the generatedindex.mdfiles and any other staged changes) to a remote repository. The destination is determined by the local git configuration of the vault repository. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted local metadata.
- Ingestion points: Local file and directory names are read using the
ls -1command and used as content for the generated index files. - Boundary markers: No delimiters or instructions are used to prevent the agent from interpreting malicious strings embedded in filenames as instructions.
- Capability inventory: The skill has capabilities for file system modification (
Write,Edit) and shell execution (git). - Sanitization: There is no evidence of validation or sanitization of filenames before they are interpolated into the markdown index files.
Audit Metadata