obsidian-init
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns such as exfiltration, obfuscation, or persistence were detected. The skill performs legitimate operations consistent with managing a local knowledge base.
- [COMMAND_EXECUTION]: Local Python scripts (init_vault.py, vault_ops.py, parser.py) perform file and directory operations within the specified vault root. These include creating configuration files, updating gitignore, and performing note CRUD operations using safe atomic write patterns.
- [EXTERNAL_DOWNLOADS]: The documentation identifies dependencies on obsidian-cli (NPM) and ruamel.yaml (PyPI), which are well-known and standard components of the Obsidian and Python ecosystems.
- [PROMPT_INJECTION]: The skill handles local markdown files, creating an indirect prompt injection surface. (1) Ingestion points: Markdown content is read by parser.py and vault_ops.py. (2) Boundary markers: No explicit delimiters are used to isolate data from instructions. (3) Capability inventory: The skill has file creation and modification capabilities via scripts/vault_ops.py. (4) Sanitization: No content filtering or validation is performed on the ingested markdown data.
Audit Metadata