obsidian-links
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as `ls`, `find`, `grep`, `sed`, and `comm` to traverse the vault directory and analyze file relationships. These commands are used according to the skill's intended purpose for knowledge management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of markdown notes provided by the user to identify links and build index notes.
  - Ingestion points: Note reading operations described in `SKILL.md` (Steps 2, 3, and 5) and file discovery in Steps 0 and 4.
  - Boundary markers: Absent. The instructions do not mandate the use of delimiters or 'ignore' instructions when parsing the content of user notes.
  - Capability inventory: The agent has capabilities to read/write files and execute shell commands as defined in `SKILL.md` and `README.md` requirements.
  - Sanitization: Absent. No explicit sanitization or validation of the content within the markdown files is performed before processing.
Audit Metadata