obsidian-direct
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture of ingesting and acting upon external data. \n
- Ingestion points: Data entering the agent context includes content from search skills, user-provided file paths, and outputs from Dataview queries (SKILL.md). \n
- Boundary markers: There are no instructions for the agent to use delimiters or ignore instructions embedded within the processed content. \n
- Capability inventory: The skill has the ability to create and edit files, run queries, and execute plugin-specific API calls (SKILL.md). \n
- Sanitization: The documentation does not specify any sanitization, escaping, or validation of the external content before it is written to the vault. \n
- [EXTERNAL_DOWNLOADS]: The skill documentation specifies communication with an external API at
api.openclaw.com. While this is the intended function of the skill for managing Obsidian vaults, users should verify the security of the third-party endpoint.
Audit Metadata