obsidian-process-notes

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown files from an external source ('inbox' clippings).
  • Ingestion points: Reads Markdown files directly from ~/Code/personal/obsidian/llm-wiki/inbox/.
  • Boundary markers: Absent. The workflow reads the content of these notes without using delimiters or instructions to ignore embedded commands.
  • Capability inventory: The agent has the ability to read, write, and edit files, as well as move files and execute shell commands like find, mv, and qmd.
  • Sanitization: Absent. There is no evidence of filtering or validation of the text extracted from the inbox notes before it is used to generate new wiki content.
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands to manage the vault environment. It uses find to locate notes, mv to move processed files, and a non-standard command qmd update to re-index the vault. These commands are scoped to the specific vault path.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 07:43 PM
Security Audit — agent-trust-hub — obsidian-process-notes