obsidian-templater

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface by documenting how to ingest and process data from potentially untrusted sources.
  • Ingestion points: Functions like tp.file.content, tp.system.clipboard(), and tp.web.request() allow the agent to read external data into the template processing context.
  • Boundary markers: The documentation lacks instructions for the agent to treat external data as untrusted or to ignore embedded instructions.
  • Capability inventory: Templater can create new files (tp.file.create_new), rename or move files (tp.file.move), and execute arbitrary JavaScript code via execution tags (<%* %>).
  • Sanitization: There is no mention of content sanitization or validation before the data is used in template generation or execution.
  • [COMMAND_EXECUTION]: The skill mentions the obsidian-cli tool as a way to perform vault operations, which involves executing CLI commands such as obsidian read or obsidian properties.
  • [DATA_EXFILTRATION]: Documents the tp.web.request() function, which enables the skill to make HTTP GET requests to external URLs, creating a potential path for data transmission to non-whitelisted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 05:30 AM