obsidian-tasks
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructions direct the agent to execute
scripts/setup.pywith vault paths and parameters. As the script's source code is not provided, its actions on the host system cannot be fully audited. - PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection (Category 8) as it parses untrusted markdown files to synchronize task boards and dashboards.
- Ingestion points: Per-task markdown notes and referenced documents in the Obsidian vault.
- Boundary markers: Absent; uses standard markdown and YAML structures which are easily spoofed.
- Capability inventory: Subprocess execution (via the setup script) and file system write access (modifying board and note files).
- Sanitization: None specified; the skill directly interprets frontmatter fields and card content.
Audit Metadata