skills/niracler/skill/diary-note/Gen Agent Trust Hub

diary-note

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from user input and conversation context to generate diary entries, creating a surface for indirect prompt injection.
  • Ingestion points: User-provided content and raw conversation context (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: File-write operations to local diary files (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the input content is performed before writing to the file.
  • [SAFE]: The skill's primary functions—reading configuration from ~/.config/nini-skill/diary/ and appending content to local markdown files—are standard behaviors for a productivity tool. No malicious patterns such as data exfiltration, obfuscation, or remote code execution were found.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 08:19 AM
Security Audit — agent-trust-hub — diary-note