islandiguana
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a custom, non-standard binary located at a hardcoded user path: `/Users/mtm/go/bin/islandiguana`. Executing arbitrary binaries from user-controlled directories is a risk as the binary's integrity and behavior are not verified.
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to perform in-place mutations (update, append, delete) of Markdown files using `yq` expressions, which allows for the modification or potential corruption of local data.
- [DATA_EXFILTRATION]: The skill is designed to recursively read and process the contents of a user's Obsidian vault located at `/Users/mtm/Documents/Obsidian Vault`, which may contain sensitive personal information or private documents.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingests data from local Markdown files and provides them to the agent's context without sanitization.
  - Ingestion points: Markdown files in the Obsidian vault as specified in the `SKILL.md` instructions.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to distinguish between vault content and agent instructions.
  - Capability inventory: File mutation (edit/delete) via the `islandiguana` tool, shell command execution via Bash (including `rg`, `grep`, and `xargs`), and the ability to read arbitrary file contents.
  - Sanitization: No sanitization, filtering, or validation is performed on the data retrieved from the vault before it is processed by the agent.
Audit Metadata