obsidian-graph-traversal

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's core logic in scripts/graph_ops.py and obsidian-parser/parser.py is restricted to local filesystem operations (reading .md files and writing a JSON index). No network requests or data exfiltration patterns (curl, wget, requests) were found.
  • [SAFE]: Analysis of the Python scripts confirms the use of standard libraries and deterministic regex for wikilink extraction. No dynamic code execution (eval, exec) or remote code downloads were identified.
  • [SAFE]: The skill documentation (resources/safety-learnings.md) demonstrates a strong security posture by implementing atomic writes, advisory locking, and mtime checks to prevent data corruption during concurrent access.
  • [SAFE]: No obfuscation (Base64, zero-width characters, homoglyphs) or persistence mechanisms were found in any of the 10 analyzed files.
  • [SAFE]: Indirect Prompt Injection Risk: While the skill ingests untrusted markdown data from the vault (Ingestion points: scripts/graph_ops.py), it only extracts specific wikilink patterns via static regex (Sanitization) and does not interpret note content as instructions. The capabilities are limited to returning note names (Capability inventory), and the operation is passive (Boundary markers: N/A).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 06:56 PM