obsidian-diary
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a shell script at `~/.gemini/skills/obsidian-people/run.sh`. Executing local binaries or scripts based on skill instructions is a security risk if the script's origin or behavior is not verified.
- [PROMPT_INJECTION] (LOW): The skill demonstrates a high surface for Indirect Prompt Injection. It mandates that the agent 'Follow the prompt and instructions at the top' of `Tools/chat/daily summary.md`. Because this file contains raw content (e.g., speech-to-text), an attacker could inject instructions to hijack the agent.
  * Ingestion points: `Tools/chat/daily summary.md` (specifically the User section and the top of the file).
  * Boundary markers: Absent. No delimiters or 'ignore' warnings are used; the skill explicitly tells the agent to obey the file's internal instructions.
  * Capability inventory: Read/write/delete access to the Obsidian vault and execution of a local shell script.
  * Sanitization: None. The agent is instructed to use the content directly for formatting and summarization decisions.
Audit Metadata