publish-sync
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security concerns were identified in the skill. The instructions provide legitimate workflows for interacting with Obsidian's official services.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute obsidian CLI commands. These operations are scoped to the intended functionality of managing vault metadata and sync states.
- [PROMPT_INJECTION]: The skill processes user-provided file names and search queries (Ingestion point: SKILL.md). While it lacks explicit boundary markers or sanitization logic, its capabilities are restricted to legitimate Obsidian CLI operations (Capability inventory: Bash tool), posing minimal risk in this context.
Audit Metadata