obsidian-vault-ops
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from vault files. Ingestion points: Reads vault .md and CLAUDE.md files. Boundary markers: None identified for delimiting note content. Capability inventory: Limited to Read, Write, Edit, Glob, Grep. Sanitization: No validation or escaping of note content.
- [Data Exposure] (SAFE): No exposure of credentials or sensitive system paths beyond the vault.
- [Remote Code Execution] (SAFE): No remote script downloads or dynamic execution patterns found.
Audit Metadata