Skills
skills/laurigates/claude-plugins/plugins-themes/Gen Agent Trust Hub

plugins-themes

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute system commands through the obsidian CLI, allowing for interaction with the local environment.
  • [REMOTE_CODE_EXECUTION]: The obsidian eval command allows for the execution of arbitrary JavaScript code within the Obsidian application context. This provides a direct path for an attacker to execute malicious logic if the agent processes untrusted input into the code parameter.
  • [DYNAMIC_EXECUTION]: The skill facilitates the assembly and execution of JavaScript code at runtime via obsidian eval code="...". This is a high-risk functionality that can be used to bypass security controls or access sensitive data within the Obsidian vault (e.g., using app.vault.read()).
  • [DATA_EXPOSURE]: The obsidian dev:screenshot command allows the agent to capture images of the Obsidian application window. If sensitive documents are open in the vault, this capability can be used to extract visual information without explicit user consent for each capture.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 9, 2026, 08:11 PM