obsidian-note-builder
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow (Step 0) instructs the agent to use 'find' and 'grep' commands to discover existing vault context. These commands scan for Markdown files and existing tag taxonomies to ensure the new note integrates well with the user's vault. These are local, read-only operations restricted to the vault path.
- [PROMPT_INJECTION]: The skill acts on untrusted data from external sources (such as article excerpts or meeting transcripts), creating an indirect prompt injection surface.
  - Ingestion points: User-provided brain dumps, transcripts, and web articles, as described in SKILL.md workflow steps 1 and 2.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters for untrusted input.
  - Capability inventory: Read-only shell discovery (find/grep) and Markdown generation; the skill does not explicitly call network or high-privilege system tools.
  - Sanitization: No sanitization or validation of the input content is defined within the skill's instructions.
Audit Metadata