periodic-rollup
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the Obsidian vault to generate consolidated notes, creating a surface for indirect prompt injection.
- Ingestion points: Vault content is read from periodic notes and child note descriptions as specified in references/history-rollup.md and references/periodic-rollup.md.
- Boundary markers: No explicit delimiters or instructions are used to distinguish vault data from system prompts.
- Capability inventory: The skill uses subprocess calls to execute 'rg' and 'obsidian-cli', and performs file-write operations via 'obsidian-cli create'.
- Sanitization: No explicit sanitization or filtering is applied to the note content before synthesis.
- [COMMAND_EXECUTION]: The skill executes shell commands using 'rg' and 'obsidian-cli' to search and manage vault data. User-supplied arguments such as project names are interpolated into these commands, which presents a surface for command injection if the input is not properly handled by the agent context.
- [COMMAND_EXECUTION]: A dynamic context injection '!obsidian daily:path' is used in SKILL.md to retrieve path information during skill initialization. This is a functional use of the platform's features for vault-specific workflows.
Audit Metadata