Skills
skills/zpankz/obsidian-skills/notemdpro-qa-extractor/Gen Agent Trust Hub

notemdpro-qa-extractor

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data within its prompt templates.
  • Ingestion points: The extractOriginalText function reads content from local markdown files (inputPath) using the read_file tool.
  • Boundary markers: The prompt templates for both Individual and Merged modes use simple text labels like 'Reference Content:' and 'User Question:' without robust delimiters (such as XML tags or unique random separators) to distinguish between instructions and data.
  • Capability inventory: The skill has the ability to read and write files (read_file, write_file) and create directories (mkdir_p).
  • Sanitization: There is no documented evidence of input sanitization or filtering to prevent embedded instructions in the source text from being interpreted by the LLM.
  • [COMMAND_EXECUTION]: The skill documentation describes the execution of shell-equivalent file operations, including read_file, mkdir_p, and write_file. These operations are used to process input documents and generate output files based on user-defined configurations and paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:49 PM