vault-ingest
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external content from the
raw/sources/directory to generate curated notes. This creates a potential surface for indirect prompt injection where instructions embedded in source files could influence the agent's behavior during the curation process. However, the lack of sensitive capabilities like network access or shell execution limits the impact of such an attack. - Ingestion points: Files located in
raw/sources/(documented inSKILL.md). - Boundary markers: Absent; the skill does not specify delimiters or safety warnings for the content being processed.
- Capability inventory: File system operations including reading source files, writing to
notes/andprojects/, appending toindex.mdandlog.md, moving files for archival, and deleting empty directories (documented inSKILL.md). - Sanitization: Absent; no explicit validation or escaping of the ingested source content is mentioned.
- [COMMAND_EXECUTION]: The skill includes an audit function that identifies and removes empty folders within the
raw/processed/directory. This is a restricted file system operation part of the intended hygiene workflow.
Audit Metadata