obsidian
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs
obsidian-cliusing a third-party Homebrew tap (yakitrak/yakitrak/obsidian-cli). Since the author and repository are not on the trusted list, there is a risk that the binary could contain malicious code or be updated without oversight. - [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing shell commands via
obsidian-clito perform file operations like search, create, move, and delete. While intended for vault management, this provides a pathway for arbitrary file manipulation if the CLI tool or the inputs are compromised. - [DATA_EXPOSURE] (LOW): The skill explicitly reads
~/Library/Application Support/obsidian/obsidian.json. This is a sensitive configuration file containing metadata about the user's vaults and workspace state. - [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: Reads and searches the contents of markdown files (
*.md) within vaults. - Boundary markers: No delimiters or warnings are provided to prevent the agent from interpreting instructions found inside the notes.
- Capability inventory: The skill can create, move, and delete files via the CLI.
- Sanitization: There is no evidence of sanitization for note content before it is processed by the agent.
Audit Metadata