obsidian-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides instructions for the agent to execute an external binary named 'obsidian'. This relies on the binary being pre-installed on the host system. It includes documentation for a sensitive 'eval' command which the skill author correctly identifies as a risk for arbitrary code execution and warns the agent to avoid.
- [PROMPT_INJECTION] (LOW): The skill has an Indirect Prompt Injection surface (Category 8).
  1. Ingestion points: Untrusted data enters the agent context via the 'obsidian read', 'obsidian daily:read', and 'obsidian search' commands, which pull content from the user's Obsidian vault.
  2. Boundary markers: Absent; the agent is given no instructions to treat vault content as potentially malicious or to use delimiters when processing retrieved text.
  3. Capability inventory: The agent can perform file writes, moves, and deletions ('obsidian create', 'obsidian append', 'obsidian move', 'obsidian delete'), providing a potential path for data manipulation if the agent is influenced by malicious note content.
  4. Sanitization: Absent; the skill does not specify any sanitization or validation of vault content before it is processed or written to other files.
Audit Metadata