obsidian
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs
obsidian-clifrom the third-party Homebrew tapyakitrak/yakitrak/obsidian-cli. This source is not on the trusted repositories list, which presents a risk of executing unvetted third-party code. - COMMAND_EXECUTION (LOW): Utilizes the
obsidian-clitool to perform file-system operations such as creating, moving, and deleting files within the user's vaults. - DATA_EXFILTRATION (LOW): Accesses the local configuration file
~/Library/Application Support/obsidian/obsidian.json. While used for identifying vault locations, reading application metadata can expose sensitive directory structures. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection when processing Markdown notes. Evidence Chain: 1. Ingestion points: Markdown (
.md) files in vaults. 2. Boundary markers: Absent. 3. Capability inventory: File manipulation and search viaobsidian-cli. 4. Sanitization: Absent.
Audit Metadata