obsidian-bases

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses file metadata from the Obsidian vault, including full file paths and sizes.
      • Evidence: The skill reference table in SKILL.md explicitly lists file.path and file.size as accessible properties.
  • [PROMPT_INJECTION]: Potential for indirect prompt injection exists because the skill processes untrusted data from notes (tags, links, properties) to generate views.
      • Ingestion points: Note properties and metadata are read from files in the vault (SKILL.md).
      • Boundary markers: No explicit boundary markers are defined for data interpolation.
      • Capability inventory: The skill creates and edits .base configuration files (SKILL.md).
      • Sanitization: Sanitization is not automatically applied to ingested data before processing in formulas.
  • [COMMAND_EXECUTION]: Employs a domain-specific language for formulas and summaries that are evaluated at runtime.
      • Evidence: The formulas section in SKILL.md and the FUNCTIONS_REFERENCE.md describe a syntax for executing logic and calculations.
      • Risk: The html() function documented in FUNCTIONS_REFERENCE.md allows for the generation of HTML content, which could be exploited if malicious strings are ingested from notes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 10:44 PM