obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of
obsidian-clifrom theyakitrak/yakitrak/obsidian-cliHomebrew tap. - [DATA_EXFILTRATION]: The skill accesses the Obsidian application's configuration at
~/Library/Application Support/obsidian/obsidian.jsonto determine the location of user vaults on the disk. - [PROMPT_INJECTION]: The skill reads and searches content within user-controlled Markdown notes, which could contain malicious instructions.
- Ingestion points: Notes are accessed using
obsidian-cli search-contentand by reading*.mdfiles as documented inSKILL.md. - Boundary markers: There are no instructions or delimiters provided to ensure the agent ignores commands embedded within notes.
- Capability inventory: The skill possesses the ability to create, move, delete, and search notes, as well as perform direct file modifications.
- Sanitization: No sanitization or validation of note content is performed before processing.
Audit Metadata