ai-reindex

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the Obsidian vault. It uses test -d for path verification and a sequence of git commands (add, commit, push) to synchronize changes. These commands operate on a directory path that can be provided by the user.
  • [DATA_EXFILTRATION]: The skill performs a git push operation from the vault root. This action transmits local data (specifically the generated index.md files and any other staged changes) to a remote repository. The destination is determined by the local git configuration of the vault repository.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted local metadata.
  • Ingestion points: Local file and directory names are read using the ls -1 command and used as content for the generated index files.
  • Boundary markers: No delimiters or instructions are used to prevent the agent from interpreting malicious strings embedded in filenames as instructions.
  • Capability inventory: The skill has capabilities for file system modification (Write, Edit) and shell execution (git).
  • Sanitization: There is no evidence of validation or sanitization of filenames before they are interpolated into the markdown index files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 02:45 PM
Security Audit — agent-trust-hub — ai-reindex