obsidian-project-bootstrap
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
project_kb.py) using the system interpreter to detect and bootstrap project structures.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and synthesizing untrusted data from repository documentation and code entry points.\n - Ingestion points: Repository documents and source code (SKILL.md, Step 5).\n
- Boundary markers: Absent; no specific delimiters or instructions to ignore embedded commands are used when processing repository data.\n
- Capability inventory: Execution of Python scripts and writing files to the local file system (Obsidian vault and .claude directory).\n
- Sanitization: No explicit sanitization or validation of the ingested repository content is mentioned.
Audit Metadata