obsidian-organizer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (`scripts/obsidian_audit.py`) to perform file operations within the user's Obsidian vault. The script provides a dry-run mode by default and only applies changes when the `--apply` flag is explicitly provided. It performs deterministic renames using kebab-case normalization and excludes sensitive directories like `.obsidian` and specific reserved filenames such as `MEMORY.md` and `AGENTS.md` to prevent accidental disruption of agent or system files.
- [DATA_EXPOSURE]: No data exfiltration or unauthorized exposure patterns were detected. The Python script operates exclusively on the local file system using the path provided by the user and does not include any network-related libraries or functions.
- [PROMPT_INJECTION]: The skill and its associated documentation use standard instructional language to guide the AI agent. No attempts to override system safety filters or disregard prior instructions were found.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (filenames in an Obsidian vault). While this represents a potential injection surface, the risk is mitigated by deterministic sanitization (regex-based normalization) in the script and explicit dry-run/confirmation steps in the workflow.
- Ingestion points: File names are read from the local vault directory in `scripts/obsidian_audit.py`.
- Boundary markers: The `SKILL.md` workflow mandates a dry-run/proposal phase before any changes are applied.
- Capability inventory: The script has permission to rename files within the specified vault path.
- Sanitization: The `kebab()` function in the audit script uses a strict whitelist regex `[^a-z0-9-]` to sanitize names before proposing or applying changes.
Audit Metadata