vault-trace
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads and summarizes content from various notes in the user's vault, which creates a surface for indirect prompt injection. If notes contain malicious instructions, they could influence the agent's summary or sentiment analysis.
- Ingestion points: Content is ingested from file bodies, filenames, tags, and wikilinks across the vault as specified in Step 1.
- Boundary markers: No explicit delimiters are used to separate the note content from the agent's instructions.
- Capability inventory: The skill can search and read files using glob/grep and write synthesis pages to the 'notes/concepts/' directory. No network or administrative capabilities are present.
- Sanitization: No sanitization or filtering of the extracted note content is described.
Audit Metadata