vault-drift
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown instructions and YAML configuration; no executable scripts, binaries, or code files are provided.
- [SAFE]: No patterns associated with data exfiltration, credential harvesting, or malicious command execution were found in the instructions.
- [PROMPT_INJECTION]: The skill's primary function is to process untrusted data (the user's markdown vault content), which introduces a surface for indirect prompt injection if a note contains malicious instructions. * Ingestion points: Markdown files in the active vault path (SKILL.md). * Boundary markers: None identified in the provided instructions. * Capability inventory: The skill describes reading vault files and updating concept pages but contains no shell commands or network capabilities. * Sanitization: No sanitization or filtering of the processed content is described.
Audit Metadata