plugins-themes
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes an
obsidian evalcommand that allows the execution of arbitrary JavaScript within the Obsidian application runtime. This grants complete access to the internal API and all vault data, which could be exploited to exfiltrate information. - [COMMAND_EXECUTION]: The
obsidian dev:screenshotcommand allows the agent to capture screenshots of the application window, creating a risk that sensitive information displayed in the UI could be collected without explicit user consent. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted parameters for commands without validation or isolation. ● Ingestion points: User-supplied plugin identifiers and JavaScript code blocks are interpolated into shell commands. ● Boundary markers: There are no delimiters or instructional boundaries to prevent the agent from executing commands embedded within the data it processes. ● Capability inventory: The skill can execute shell commands with capabilities for code evaluation and system-level screen capture. ● Sanitization: No sanitization or escaping is performed on the input arguments before they are passed to the CLI.
Audit Metadata