doc-obsidian

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes @anthropic/qmd and notesmd-cli. @anthropic/qmd is a trusted package. notesmd-cli is an open-source tool from a third-party developer distributed through Homebrew.
  • [COMMAND_EXECUTION]: The skill performs shell commands for all vault tasks. This includes indexing, searching, and CRUD operations. It features a permanent delete command without trash recovery and suggests bash scripts for session logging and indexing.
  • [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface. The agent ingests data from vault notes (via qmd and notesmd-cli print) and has the capability to write or delete files within that vault. No boundary markers or 'ignore' instructions are provided to separate data from commands, and sanitization is limited to shell escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:29 AM