obsidian-plugin

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions in SKILL.md suggest running npx github:gapmiss/obsidian-plugin-skill create-plugin. This pattern fetches and executes arbitrary code from a remote source at runtime, presenting a high risk if the repository is untrusted or compromised.
  • [COMMAND_EXECUTION]: The scripts scripts/install.sh and scripts/create-plugin.js perform automated system tasks, including directory creation, file writing, and command execution, which provide broad access to the local environment.
  • [EXTERNAL_DOWNLOADS]: The environment setup process involves downloading numerous third-party dependencies from npm and GitHub, introducing supply chain risks associated with external, unverified code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 16, 2026, 01:20 AM