obsidian-publisher
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The create_note function is susceptible to path traversal. While the filename itself is sanitized, the folder parameter is appended directly to the vault path using the / operator. A malicious folder path (e.g., ../../) would allow the agent to write files to arbitrary locations on the filesystem where the user has write permissions.
- Indirect Prompt Injection (LOW): The skill creates a surface for indirect prompt injection by ingesting untrusted data and writing it to files that may be interpreted by the agent or other users later. 1. Ingestion points: The content and frontmatter arguments in the create_note function. 2. Boundary markers: None; the content is written as-is to the markdown file. 3. Capability inventory: Local file system write access via pathlib.Path.write_text. 4. Sanitization: Filename characters are sanitized, but the content of the markdown file and YAML frontmatter are not validated or escaped.
Audit Metadata