obsidian-process-notes
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown files from an external source ('inbox' clippings).
- Ingestion points: Reads Markdown files directly from
~/Code/personal/obsidian/llm-wiki/inbox/. - Boundary markers: Absent. The workflow reads the content of these notes without using delimiters or instructions to ignore embedded commands.
- Capability inventory: The agent has the ability to read, write, and edit files, as well as move files and execute shell commands like
find,mv, andqmd. - Sanitization: Absent. There is no evidence of filtering or validation of the text extracted from the inbox notes before it is used to generate new wiki content.
- [COMMAND_EXECUTION]: The skill utilizes several shell commands to manage the vault environment. It uses
findto locate notes,mvto move processed files, and a non-standard commandqmd updateto re-index the vault. These commands are scoped to the specific vault path.
Audit Metadata