Skills
skills/libukai/awesome-agent-skills/obsidian-to-x/Gen Agent Trust Hub

obsidian-to-x

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes pkill to terminate existing Chrome or Chromium processes using remote debugging ports to prevent port conflicts during browser automation.
  • [COMMAND_EXECUTION]: Uses platform-specific utilities to simulate 'Paste' keyboard shortcuts (Cmd+V/Ctrl+V), utilizing osascript on macOS, PowerShell on Windows, and xdotool or ydotool on Linux.
  • [REMOTE_CODE_EXECUTION]: Dynamically generates and executes Swift code on macOS (via swift command) to handle image data transfer to the system clipboard, which is a form of runtime code generation and execution.
  • [EXTERNAL_DOWNLOADS]: Automatically downloads remote images referenced in Markdown notes to a local temporary directory using curl and the Node.js https module.
  • [COMMAND_EXECUTION]: Spawns various system processes including bun, npx, jq, and browser executables using child_process.spawn and spawnSync across multiple scripts.
  • [DATA_EXFILTRATION]: Accesses local Obsidian configuration files (e.g., .obsidian/workspace.json, .obsidian/app.json) and reads the contents of user notes to facilitate content conversion and publishing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 12:51 AM