Obsidian
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary 'obsidian-cli' via a third-party Homebrew tap ('yakitrak/yakitrak/obsidian-cli').
- [COMMAND_EXECUTION]: The skill utilizes 'obsidian-cli' to execute file system operations including 'create', 'move', 'delete', and 'search-content' within the user's vaults. It also reads the local Obsidian configuration at '~/Library/Application Support/obsidian/obsidian.json' to resolve vault paths.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Data enters the agent's context through 'obsidian-cli search-content' which reads Markdown (.md) files.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat note content as untrusted data.
  - Capability inventory: The agent can modify or delete files via 'obsidian-cli move' and 'obsidian-cli delete'.
  - Sanitization: No sanitization or validation of the retrieved note content is performed before processing.
Audit Metadata