obsidian-bases

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the creation of views that ingest data from across an Obsidian vault, potentially exposing the agent to instructions embedded in note content.
    • Ingestion points: Frontmatter properties and file metadata are accessed via the file.properties and file object within formulas and filters.
    • Boundary markers: There are no instructions for the agent to use specific delimiters or to disregard content within note properties that might look like instructions.
    • Capability inventory: The skill leverages a formula engine with capabilities including file metadata access, link creation, and HTML rendering via the html() function.
    • Sanitization: The provided FUNCTIONS_REFERENCE.md includes an escapeHTML() function, but the core workflow and examples do not provide instructions on when or how to apply it to untrusted data to mitigate injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 06:54 AM