Skills
skills/elliotjlt/claude-skill-potions/obsidian-vault-search/Gen Agent Trust Hub

obsidian-vault-search

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes content from Obsidian notes that may contain untrusted data or malicious instructions.
  • Ingestion points: Note content and frontmatter are read from the $VAULT_PATH using grep, cat, and head as defined in SKILL.md.
  • Boundary markers: The skill lacks explicit instructions or delimiters to separate note content from the agent's internal instructions, increasing the risk that the agent might follow instructions found within a note.
  • Capability inventory: The skill has access to bash (including python3, grep, find) and filesystem read capabilities.
  • Sanitization: There is no specified sanitization or filtering of the content retrieved from notes before it is presented to the user or processed by the model.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands via bash to perform searches. While these are focused on the local vault, the commands use variables like $VAULT_PATH and search terms which are interpolated into the command strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:33 AM