obsidian
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill metadata specifies the installation of obsidian-cli via Homebrew from the repository yakitrak/yakitrak/obsidian-cli. This repository and author are not part of the defined trusted organizations list, making this an unverifiable external dependency.
- COMMAND_EXECUTION (LOW): The skill is designed to execute various file system operations (search, create, move, delete) using the obsidian-cli binary. While these actions are central to the skill's purpose, they represent a capability that could be abused if the agent is influenced by malicious input.
- INDIRECT_PROMPT_INJECTION (LOW): The skill has a clear attack surface for indirect prompt injection.
  - Ingestion points: The skill reads content from local Markdown notes (*.md) and the Obsidian configuration file (obsidian.json).
  - Boundary markers: Absent. There are no instructions to the agent to treat note content as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill can create, rename, and delete files on the local filesystem via obsidian-cli.
  - Sanitization: Absent. Data read from the notes is passed directly to CLI commands without filtering or validation.
Audit Metadata