obsidian-data-handling
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Official API Usage. The skill uses standard Obsidian APIs such as Vault and MetadataCache for all file operations and metadata retrieval.
- [SAFE]: Local Data Handling. The export functionality is implemented using client-side browser downloads, ensuring that vault data is handled locally and not transmitted to external servers.
- [SAFE]: No Network Operations. While the configuration includes an apiEndpoint placeholder (https://api.example.com), the skill contains no logic for performing network requests or external data exfiltration.
- [SAFE]: Indirect Prompt Injection Surface. The skill implements functions that read vault contents, which is a required capability for its intended purpose of data backup and export.
- Ingestion points: implementation-guide.md (this.app.vault.read(file))
- Boundary markers: Not applicable for standard file system reading patterns
- Capability inventory: File creation, modification, and deletion within the vault scope
- Sanitization: Not implemented, as data is processed for backup and sync purposes rather than being directly interpreted by the agent's logic.
Audit Metadata