obsidian-vault-context
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [Data Exposure] (LOW): Hardcoded absolute file paths (e.g.,
/Users/steve/Documents/Main) expose a specific local username and internal directory structure. - [Indirect Prompt Injection] (LOW): The skill is designed to ingest external research content and write it directly into markdown files without sanitization or boundary markers.
- Ingestion points: Research capture template and existing note content read via
read_filein SKILL.md. - Boundary markers: Absent; the skill uses direct string concatenation without delimiters for external data.
- Capability inventory: File writing (
write), text manipulation (search_replace), and CLI interaction (obsidian-cli). - Sanitization: Absent; the instructions assume external content is safe to append.
- [Unverifiable Dependencies] (LOW): The skill relies on
obsidian-cli, an external tool whose source and integrity are not specified or verified within the skill context.
Audit Metadata