vault-setup
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Python and shell scripts to manage vault infrastructure. It employs `subprocess.run` to execute `mkdir` for directory setup, uses `pgrep` for environment verification, and invokes platform-specific commands such as `open` (macOS) or `xdg-open` (Linux) to launch Obsidian. It also modifies the global `~/.claude/CLAUDE.md` file to append path-based context, which is the advertised functionality for global integration.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists in the `Workflows/Setup.md` workflow. User-provided descriptions from the initial interview are directly written into the `CLAUDE.md` file without sanitization or boundary markers. This file is used to provide behavioral context to the agent, potentially allowing malicious user input to influence future agent interactions.
- [EXTERNAL_DOWNLOADS]: The skill's documentation and help files recommend installing the `click` Python package from standard registries and provide instructions for linking companion skills from an external GitHub repository.