Skills
skills/olivoil/skills/topic-pulse/Gen Agent Trust Hub

topic-pulse

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the obsidian vault info=path command to programmatically determine the file system location of the user's knowledge base.
  • [DATA_EXFILTRATION]: During the research phase, the agent extracts keywords and phrases from the user's private vault notes and uses them to perform external web searches. This creates a data flow where potentially sensitive topical interests or internal project names are transmitted to search engines and LLM providers.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the vault.
  • Ingestion points: Files are read from Clippings/, Daily Notes/, Projects/, Coding/, Meetings/, and Topics/ folders as specified in SKILL.md (Phases 0 and 1). The Clippings/ folder is particularly high-risk as it typically contains raw content saved from external websites.
  • Boundary markers: The instructions do not define delimiters or protective framing to isolate vault content from the agent's internal logic.
  • Capability inventory: The skill possesses file system read/write access, the ability to execute shell commands via the Obsidian CLI, and network access for web research (Phase 3).
  • Sanitization: No validation or escaping mechanisms are applied to the ingested content before it is processed by the model to determine future actions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 06:33 PM