obsidian
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands for git (sync, commit, push/pull), gh (GitHub repository management), and the obsidian CLI (app actions, daily notes, reading/opening notes).
- [EXTERNAL_DOWNLOADS]: Fetches data from remote git repositories during synchronization operations using git pull --rebase.
- [DATA_EXFILTRATION]: Sends local vault content to remote git repositories using git push as part of the core functionality for backup and multi-device synchronization.
- [PROMPT_INJECTION]: The skill ingests untrusted data by reading markdown notes from the local vault. * Ingestion points: Markdown files in the Obsidian vault accessed via MCP tools in SKILL.md and resources/tool-patterns.md. * Boundary markers: No explicit delimiters or markers are defined for note content. * Capability inventory: Includes file system writes (write_note), file deletion (delete_note), and network operations (git push) across all scripts. * Sanitization: No evidence of sanitization or escaping of note content before processing.
Audit Metadata