Skills
skills/kcchien/skills/tsmc-research-notes/Gen Agent Trust Hub

tsmc-research-notes

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Hardcoded local directory path.
  • Evidence: The file SKILL.md specifies a fixed local path for note storage: `/Users/kc/Obsidian Vaults/obsidian_kc_main/_AIpoint 臥龍/Project
  • TSMC/CuCMP AI 加藥建議 — 研究筆記/`.
  • Impact: This exposes the author's local username (kc) and internal directory structure. While consistent with the author's name (kcchien), hardcoding absolute paths is a security anti-pattern that can reveal information about the host environment.
  • [PROMPT_INJECTION]: Indirect prompt injection surface.
  • Ingestion points: The skill instructions in SKILL.md direct the agent to read analysis sources such as notebooks, reports, and discussion records.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its instructions and the content of the processed files.
  • Capability inventory: The skill allows the agent to write files to the local Obsidian vault.
  • Sanitization: There is no evidence of sanitization or filtering of the ingested external content before it is incorporated into the notes.
  • Risk: Maliciously crafted analysis files could include instructions that manipulate the agent's behavior during the knowledge extraction process.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 03:09 PM