obsidian-yaml-frontmatter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It processes untrusted content from Obsidian vaults and has write permissions.
- Ingestion points: The skill reads markdown files from the user vault using the 'Read' tool.
- Boundary markers: Absent. No specific delimiters or instructions exist to separate metadata from potential malicious instructions.
- Capability inventory: The 'Edit' tool allows the agent to modify files based on its interpretation of the frontmatter.
- Sanitization: Absent. The skill lacks logic to sanitize or validate the content it reads before acting on it.
Recommendations
- AI detected serious security threats
Audit Metadata