obsidian-bases-manager

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script ('bases_ops.py') via the Bash tool to manage Obsidian database files. These commands are parameterized and used for reading, appending, and updating YAML-structured data.
  • [EXTERNAL_DOWNLOADS]: The skill identifies 'ruamel' (referring to the ruamel.yaml library) as a dependency. This is a well-known and trusted library for preserving YAML formatting and comments during processing.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes content from external '.base' files.
      • Ingestion points: The script 'scripts/bases_ops.py' reads content from user-provided '.base' files via the 'read_base' and 'update_cell' functions.
      • Boundary markers: There are no explicit boundary markers or instructions defined in the prompt context to prevent the agent from following instructions that might be embedded within the data files.
      • Capability inventory: The skill has the capability to read from and write to the local file system using the Bash, Read, and Write tools.
      • Sanitization: While the script validates that the file is valid YAML, it does not perform sanitization or filtering of the string values contained within the data fields before returning them to the agent context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 06:21 PM