obsidian
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of
obsidian-clivia a public Homebrew tap. - [COMMAND_EXECUTION]: Provides instructions for executing
obsidian-clicommands to search, create, and move notes. - [DATA_EXFILTRATION]: Reads the local
obsidian.jsonconfig file to locate vaults; access is limited to the local system. - [PROMPT_INJECTION]: Ingests untrusted Markdown data from vaults, presenting an indirect prompt injection surface.
- Ingestion points: Markdown files in local vaults (SKILL.md).
- Boundary markers: Absent.
- Capability inventory:
obsidian-clifile operations and direct file system access. - Sanitization: Absent.
Audit Metadata