skills/pedronauck/skills/obsidian-cli/Gen Agent Trust Hub

obsidian-cli

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of the obsidian CLI tool for interacting with a running Obsidian instance and its local files.
  • [DYNAMIC_EXECUTION]: The obsidian eval command allows the agent to run arbitrary JavaScript code within the application's context. This is a powerful feature intended for developers that enables runtime code execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from an Obsidian vault, which serves as an attack surface for indirect prompt injection.
      • Ingestion points: Note content and vault data are read via obsidian read, obsidian daily:read, and obsidian search as described in SKILL.md.
      • Boundary markers: Absent; no delimiters or explicit instructions are provided to help the agent distinguish between note content and its own operating instructions.
      • Capability inventory: The agent has extensive capabilities including file system modification (obsidian create), arbitrary JavaScript execution (obsidian eval), and application UI inspection (obsidian dev:screenshot, dev:dom).
      • Sanitization: Absent; the skill does not require validation or sanitization of content retrieved from the vault before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 05:38 PM