obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
obsidian-cliutility via a third-party Homebrew tap atyakitrak/yakitrak/obsidian-cli. - [COMMAND_EXECUTION]: The skill executes
obsidian-clicommands to interact with the local file system for searching note content, managing file paths, and reading the vault configuration file at~/Library/Application Support/obsidian/obsidian.json. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted Markdown data. 1. Ingestion points: The skill reads note content from the vault using the
obsidian-cli search-contentcommand. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are specified in the skill file. 3. Capability inventory: The skill can perform file system modifications includingcreate,move, anddeleteoperations viaobsidian-cli. 4. Sanitization: There is no evidence of content sanitization or validation before the agent processes the note data.
Audit Metadata