vault-add
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs Python scripts by substituting user-provided arguments (such as the title) directly into the script source as strings. This creates a high-risk code injection vulnerability: a user could supply a crafted title containing Python code that is then executed on the host machine.
- [REMOTE_CODE_EXECUTION]: The generated Python scripts perform network operations and can be subverted via the command injection vulnerability to execute arbitrary code or exfiltrate data from the host environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external APIs (Wikipedia, TVMaze, iTunes, OpenLibrary) and writes it directly to the Obsidian vault.
  1. Ingestion points: Web search results and API metadata in Step 1 and Step 6.
  2. Boundary markers: None detected; external data is interpolated directly into note templates.
  3. Capability inventory: File system access via obsidian tools, network access via python3, and indexing via qmd tools.
  4. Sanitization: No evidence of sanitization or validation of the external content before it is written to the vault.
Recommendations
- AI detected serious security threats
Audit Metadata