search-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes commands via a local
obsidianCLI to perform vault search, tag management, and link traversal. These commands are local and consistent with the primary purpose of the skill. - [PROMPT_INJECTION]: The skill ingests untrusted data from the local Obsidian vault, representing a surface for indirect prompt injection. 1. Ingestion points: Results from
obsidian searchandobsidian tagcommands. 2. Boundary markers: Absent; note content is processed directly by the agent. 3. Capability inventory: Access toBash,Read,Grep, andGlobtools. 4. Sanitization: Content is not validated or sanitized before processing.
Audit Metadata