obsidian-commander

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md and README.md provide clear operational guidelines without attempting to bypass safety filters or override agent behavior. No 'jailbreak' or behavior-altering patterns were detected.
  • [DATA_EXFILTRATION]: No evidence of hardcoded credentials, sensitive file exfiltration, or unauthorized network operations. The skill primarily interacts with a local Obsidian vault directory as expected. Network activity is limited to standard library behavior, such as sentence-transformers downloading pre-trained models from Hugging Face.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform remote code execution. Dependencies listed in requirements.txt are well-known, legitimate packages for data processing and machine learning (e.g., sentence-transformers, faiss-cpu).
  • [COMMAND_EXECUTION]: The skill documentation includes references to the official Obsidian CLI tool. While the CLI supports an eval command for JavaScript execution within the Obsidian app, the skill itself does not invoke this command maliciously or automatically; it provides it as part of a reference guide for vault management.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it can ingest external content (HTML, CSV, JSON) into the vault via scripts/ingest.py. However, this is a primary function of the tool, and the risk is mitigated by standard agent context handling of ingested data.
      • Ingestion points: scripts/ingest.py (reads external files and converts them to Markdown).
      • Boundary markers: Absent in scripts; reliance on agent's internal context management.
      • Capability inventory: File writing (pathlib), bulk metadata updates (bulk_properties.py), and folder management (scaffold_vault.py).
      • Sanitization: Includes sanitize_filename in scripts/ingest.py to prevent path traversal or invalid file names during ingestion.
  • [DYNAMIC_EXECUTION]: No usage of eval(), exec(), or dynamic code generation was found in the provided Python scripts. All vault operations use structured libraries like PyYAML and SentenceTransformer.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:51 AM