walkthrough-to-obsidian
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown instructions and reference guides. It does not include any executable scripts (e.g., .py, .js, .sh), which eliminates risks associated with remote code execution or malicious automated subprocesses.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it is designed to ingest and process untrusted external data.
- Ingestion points: In
SKILL.md(Phase 1), the agent is directed to "Read the entire source file" provided by the user. - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" directives to prevent the agent from accidentally executing commands embedded within the walkthrough text (e.g., directions to delete files or reveal system prompts).
- Capability inventory: The agent has the capability to create and update multiple markdown files within the user's Obsidian vault (filesystem access).
- Sanitization: There is no mention of sanitizing or escaping content from the source walkthrough before it is processed or written to the output files.
Audit Metadata