skills/kogakure/skills/search-vault/Gen Agent Trust Hub

search-vault

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs bash commands by directly interpolating user-provided query strings into templates such as qmd query "<query>". This pattern creates a risk of command injection if the user input contains shell metacharacters (e.g., ;, &, |) that are not properly escaped by the agent before execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes and presents untrusted data from an external source (the Obsidian vault).
      ◦ Ingestion points: Search excerpts and full note content retrieved via qmd query and qmd get commands (SKILL.md).
      ◦ Boundary markers: Absent. There are no instructions or delimiters defined to help the agent distinguish between note content and its own instructions.
      ◦ Capability inventory: The skill has the capability to execute various bash commands within the qmd utility suite (SKILL.md).
      ◦ Sanitization: Absent. The instructions do not specify any validation or sanitization of the content retrieved from the vault before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 19, 2026, 01:40 PM