obsidian-todo-collector
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads and processes user-controlled documents from an Obsidian vault, which presents an attack surface for indirect prompt injection. 1. Ingestion points: Full text of vault documents is read in SKILL.md (Step 2.4). 2. Boundary markers: No specific markers are used to separate data from instructions. 3. Capability inventory: The agent has permissions to read/write local vault files and execute a local script. 4. Sanitization: No content filtering or instruction scrubbing is performed on ingested text.
- [COMMAND_EXECUTION]: The skill executes a local script (scripts/pre_check.py) provided in the skill package to perform metadata validation and content previews. This is a standard functional component for document processing.
Audit Metadata