obsidian-cli
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is to wrap the official Obsidian CLI. Scripts and instructions were audited for malicious intent, including credential harvesting and exfiltration; no such patterns were found.
- [COMMAND_EXECUTION]: The skill executes the
obsidianbinary and platform-specific URI openers (open,xdg-open). This activity is constrained to the CLI features enabled by the user and follows standard shell scripting safety patterns. - [PROMPT_INJECTION]: The skill facilitates reading external note data, which constitutes an indirect prompt injection surface. Ingestion points: Vault content retrieved via
obsidian read. Boundary markers: None present in the wrapper scripts. Capability inventory: CLI command execution and URI opening. Sanitization: Shell scripts utilize standard argument passing to mitigate simple command injection vectors.
Audit Metadata