archive-to-brain

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for documentation and archival purposes, specifically targeting the user's Obsidian vault structure.
  • [COMMAND_EXECUTION]: The skill instructions include the use of local command-line tools such as obsidian and notesmd-cli to automate file creation and property updates within the vault. These tools are assumed to be locally installed by the user and are used according to their intended functionality for vault management.
  • [DATA_EXFILTRATION]: Analysis of the skill instructions confirms that all data operations are confined to the local filesystem. There are no network requests, remote API calls, or patterns indicating the exfiltration of sensitive conversation data to external servers.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests and processes active conversation data. However, the instructions are focused on structured analysis and archival logic, and the risk is considered low as the primary output is a static Markdown file for personal use. (Severity: LOW)
      • Ingestion points: Processes the active AI conversation history during the 'Deep analysis' phase.
      • Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded within the conversation text.
      • Capability inventory: File creation and modification capabilities via local CLI tools and direct filesystem access (SKILL.md).
      • Sanitization: No explicit sanitization or escaping of conversation content is mentioned before it is written to the vault files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 02:02 PM