heptabase-linking

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes user-controlled content from Heptabase notes, which may contain malicious instructions.
  • Ingestion points: The 'Batch-linking recipe' in SKILL.md instructs the agent to read existing note and journal content using heptabase note read and heptabase journal read.
  • Boundary markers: No boundary markers or 'ignore' instructions are suggested to delimit the untrusted card content from the agent's system instructions during batch processing.
  • Capability inventory: The skill provides full write access to the Heptabase database via heptabase note save, heptabase note create, and heptabase tag add, as well as the ability to execute the bin/heptabase-link script.
  • Sanitization: While the skill uses jq to correctly extract text from ProseMirror JSON, it does not sanitize the resulting text for embedded agent instructions before the agent processes it to make decisions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 06:49 AM