vault-research
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from local notes.
  - Ingestion points: Target note content is read in the workflow to extract topics and context (SKILL.md).
  - Boundary markers: The skill instructs the agent to ask for clarification if context is weak, but lacks delimiters to separate data from instructions.
  - Capability inventory: The agent can read files from absolute paths, perform web research, and append data to files.
  - Sanitization: No sanitization is performed on the ingested content.
Audit Metadata