doc-obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install external CLI tools: `@anthropic/qmd` via npm and `notesmd-cli` via Homebrew. `@anthropic` is a trusted organization, and `notesmd-cli` is a standard utility for markdown management.
- [COMMAND_EXECUTION]: The skill makes extensive use of CLI tools (`qmd`, `notesmd-cli`) and shell commands (e.g., `cp`, `date`, `awk`, `sort`, `sed`) to manage vault files and process metadata. It includes complex shell pipelines for advanced listing and automation scripts for memory capture.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from an Obsidian vault into an AI agent's context window, which creates a surface for indirect prompt injection.
- Ingestion points: Markdown files within the Obsidian vault retrieved using `qmd search --md` and `notesmd-cli print`.
- Boundary markers: The skill does not provide instructions for the agent to use boundary markers or delimiters when reading vault content into its context.
- Capability inventory: The skill allows the agent to search, read, write, move, and delete files within the local vault using the provided CLI tools.
- Sanitization: No sanitization or content validation is specified for the note data before it is injected as LLM context.
Audit Metadata