tolaria-wiki
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes various system commands such as
mkdir,find,grep,awk,git, andchmodfor vault initialization, organizational management, and diagnostic health checks. These commands are used within the scope of managing the local vault and user-specified source directories. - [EXTERNAL_DOWNLOADS]: Integration workflows provide patterns for using
curland CLI tools (e.g.,gh) to fetch data from external APIs or repositories. The documentation emphasizes that external integrations should be human-initiated and that API keys must be managed through environment variables rather than stored within the vault. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external content (e.g., meeting transcripts and Slack threads) which presents a potential surface for indirect prompt injection. The skill mitigates this risk by using bounded context packs (limiting the number of notes processed at once) and requiring human review for ambiguous or qualitative processing steps.
Audit Metadata