excalidraw-obsidian
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design.
  - Ingestion points: The skill reads existing Markdown files within the Obsidian vault to reconstruct diagram elements and update them.
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from interpreting instructions potentially hidden within the text elements of an existing drawing.
  - Capability inventory: The agent can write files to the local file system and execute related MCP tools.
  - Sanitization: No sanitization or validation logic is specified for the data retrieved from existing files before it is processed by the agent.
- [DATA_EXPOSURE]: The skill is configured to access and modify files at the specific path ~/notes/obsedian/Excalidraw/. While this is central to its stated purpose of managing Obsidian diagrams, the path resides within a sensitive user directory where other notes may be stored.
Audit Metadata