obsidian-canvas
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to execute a local Python script via the command line. This provides a mechanism to run code on the underlying system.
- [PROMPT_INJECTION] (MEDIUM): The skill processes untrusted user input to populate canvas content. This creates an indirect prompt injection surface where malicious data could influence agent behavior. Evidence: Ingestion in node text fields; Boundary markers: Absent; Capabilities: Command execution and file system access; Sanitization: Not provided in instructions.
- [DATA_EXPOSURE] (MEDIUM): The JSON schema includes an output filename parameter. If the library script does not implement strict path validation, an attacker could use this to perform path traversal and write to unauthorized locations on the filesystem.
- [EXTERNAL_DOWNLOADS] (LOW): The core library script is external to the provided text files, meaning its internal logic and safety cannot be verified.
Audit Metadata