obsidian-cli

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes scripts/run-command.sh and scripts/open-uri.sh which execute the obsidian binary and system URI handlers (open, xdg-open, start) using arguments provided by the agent. These scripts use proper shell quoting to prevent argument injection.
  • [REMOTE_CODE_EXECUTION]: The documentation in references/commands-and-developer-tools.md explicitly mentions the obsidian eval command. This feature allows for the execution of arbitrary JavaScript code within the context of the running Obsidian application, which is intended for developer debugging and automation.
  • [DATA_EXFILTRATION]: The skill documents the use of the obsidian read command combined with the --copy flag. This functionality allows the agent to read note content and copy it to the system clipboard or internal context, which represents a data access and potential exfiltration surface if misused.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 04:31 AM