graph-colorize
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate configuration management for the Obsidian application by modifying local JSON settings.
- [DATA_EXPOSURE]: The skill reads configuration from `~/.obsidian-wiki/config` and parses frontmatter from markdown files within the vault. This data access is localized and essential for identifying the vault path and determining the appropriate color-coding groups based on user content.
- [COMMAND_EXECUTION]: The skill involves file system operations such as globbing markdown files, reading/writing configuration files, and creating backups. These actions are scoped to the Obsidian vault and its configuration directories.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data in the form of markdown tags and folder names to generate the `colorGroups` configuration. While this presents an ingestion surface, the risk is minimal as the data is used to populate string fields in a non-executable JSON configuration file, and the skill includes instructions for proper quoting and structure.
Audit Metadata