obsidian
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill repository references a script at 'tools/create-plugin.js' that is executed via the '/create-plugin' slash command. This file was not among the 9 files provided for analysis, so its execution logic could not be verified.
- [DATA_EXFILTRATION]: The guidelines recommend using the 'requestUrl()' API to bypass CORS restrictions. While necessary for many Obsidian plugin features, this capability allows plugins to communicate with external servers without browser-enforced cross-origin protections, which can be leveraged for data exfiltration.
- [PROMPT_INJECTION]: The skill processes untrusted data in the form of user-provided plugin source code (ingestion points: main.ts and other plugin files). It lacks boundary markers to distinguish code from embedded instructions. Capability inventory: the agent can generate code that performs network requests via 'requestUrl' and modifies files via 'Vault.process'. Sanitization is partially addressed by instructions to avoid 'innerHTML' for XSS prevention, but no general sanitization of malicious instructions in source comments is provided.