capture
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to automatically execute `git commit` after verifying changes to the Obsidian vault to maintain version history of the captured notes.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted user-provided language learning material to create or update local files.
- Ingestion points: User-provided learning content (vocabulary, grammar, sentences, etc.) defined in the skill's main workflow.
- Boundary markers: No explicit boundary markers or specific instructions to ignore embedded commands are present when handling user data.
- Capability inventory: The skill has read/write access to a local file system path and the ability to execute shell commands (`git commit`) via a subprocess.
- Sanitization: No sanitization, escaping, or validation of user-provided content is performed before the data is written to the file system.
- [DATA_EXFILTRATION]: The skill accesses a hardcoded local directory path at `/Users/kidow/Library/Mobile Documents/iCloud~md~obsidian/Documents/lexivault`. This path is associated with the skill author's environment and is used as the storage location for the Obsidian vault. No network operations or external data transmissions were detected.
Audit Metadata