set-note-description
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingest and processes untrusted markdown content from notes to generate summaries.
- Ingestion points: Reads local markdown files (SKILL.md) based on user arguments or hierarchical links.
- Boundary markers: The instructions do not define delimiters or protective instructions for the agent when reading note content, making it potentially susceptible to embedded instructions.
- Capability inventory: The skill is designed to read file content and write/update the description property in the YAML frontmatter.
- Sanitization: There is no evidence of input validation or content filtering to prevent malicious instructions within notes from influencing the agent's output.
Audit Metadata