obsidian-dashboard
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's generated HTML dashboard references the Chart.js library from the jsDelivr CDN. This is a well-known service for delivering open-source libraries and is considered a safe external dependency.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes untrusted vault data.
- Ingestion points: The `analyze_vault.py` script reads markdown files and directory structures from user-specified vault paths.
- Boundary markers: No explicit markers or instructions are used to separate external file content from agent instructions in the output reports.
- Capability inventory: The script performs file system reads and writes report files locally (JSON, HTML, and Markdown).
- Sanitization: Vault content such as tag names and file paths is extracted and included in the generated reports without sanitization against potential instruction-based markers that could influence the agent when it reads the analysis output.