obsidian
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the 'obsidian-cli' tool from a third-party Homebrew tap ('yakitrak/yakitrak/obsidian-cli'). While this is the primary tool for the skill, it originates from an external, non-vendor source.
- [COMMAND_EXECUTION]: Executes several system commands via 'obsidian-cli', including searching content, creating notes, moving files, and deleting notes within the local file system.
- [DATA_EXFILTRATION]: Accesses the sensitive configuration file '~/Library/Application Support/obsidian/obsidian.json'. This file contains metadata about the user's vaults, including local absolute file paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the user's Markdown notes.
  - Ingestion points: Reads content from Markdown files (*.md) via 'obsidian-cli search-content' in SKILL.md.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are provided.
  - Capability inventory: Capability to create, rename, and delete files on the local disk via the 'obsidian-cli' wrapper.
  - Sanitization: No sanitization or validation of the note content is performed before processing.
Audit Metadata