Skills
skills/zpankz/obsidian-skills/notemdpro-link-analyzer/Gen Agent Trust Hub

notemdpro-link-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It reads external markdown files and incorporates their contents into an LLM prompt. Because the resulting output is used to modify or create files, malicious instructions embedded in the source notes could influence the LLM to perform unauthorized file changes.
  • Ingestion points: Content is ingested from user markdown files via the read_file tool in fileUtils.ts.
  • Boundary markers: The prompt template defined in promptUtils.ts does not utilize delimiters (such as XML tags or unique tokens) to isolate the user-provided data from the system's instructions.
  • Capability inventory: The skill has the capability to modify existing files and create new concept notes using the write_file tool.
  • Sanitization: There is no evidence of output validation or sanitization before the content returned by the LLM is written to the local disk.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:49 PM