vault-review
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from user notes to generate daily plans and summaries, establishing a surface for indirect prompt injection.
- Ingestion points: Reads from yesterday's daily notes, active project files, and recently modified notes to gather context (SKILL.md).
- Boundary markers: The instructions do not define delimiters or specific 'ignore' instructions for the data ingested from the vault.
- Capability inventory: The skill possesses file-writing capabilities to create and append content to daily notes (SKILL.md).
- Sanitization: No sanitization or validation of the ingested note content is performed before it is passed to high-capability models for synthesis.
Audit Metadata