session-rollup
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from Engram memory and existing Obsidian notes to generate summaries, which creates an attack surface for indirect prompt injection.
- Ingestion points: The skill reads recent memory context and observations from Engram (Step 1) and existing daily note content from the Obsidian vault (Step 4).
- Boundary markers: The instructions do not define delimiters or provide the agent with warnings to ignore embedded instructions within the ingested data.
- Capability inventory: The skill has the capability to write new files to the vault and modify existing notes using the `write-vault-section` tool.
- Sanitization: No sanitization or validation of the ingested content is performed before it is interpolated into the vault updates.
- [COMMAND_EXECUTION]: The skill executes local `git` commands (`git branch`, `git diff`, `git merge-base`) to collect repository metadata. These operations are limited to read-only metadata retrieval within the local working directory and do not pose a high risk.
- [SAFE]: No instances of hardcoded credentials, data exfiltration to external domains, or unauthorized remote code execution were detected. All file system activity is confined to the user's Obsidian vault and the local repository context.