ai-productivity-column
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to read and write files at specific absolute paths, such as /Users/ugreen/Documents/obsidian/. This assumes specific local environment configurations and targets user-private directories.
- [DATA_EXFILTRATION]: Accesses sensitive files including business plans and creative content. The combination of reading private documents and having internet search capabilities creates a potential risk for data exposure if manipulated.
- [PROMPT_INJECTION]: The skill possesses an indirect injection surface through the ingestion of external user notes.
  1. Ingestion points: Obsidian vault files and planning documents.
  2. Boundary markers: None used to distinguish external content from instructions.
  3. Capability inventory: File system read/write access and internet search capabilities.
  4. Sanitization: No validation or sanitization of ingested content is performed.
Audit Metadata