obsidian-cli
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the obsidian CLI to interact with a running Obsidian instance, allowing the agent to manage vault content and modify application state. This includes the obsidian eval command, which enables arbitrary JavaScript execution within the Obsidian app context for development and debugging.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from Obsidian notes. 1. Ingestion points: Note content is retrieved using obsidian read and obsidian search commands. 2. Boundary markers: No delimiters or protective instructions are provided to separate data from commands. 3. Capability inventory: The agent has tools to modify the vault and execute code within the app. 4. Sanitization: No sanitization is applied to the ingested note content.
Audit Metadata