obsidian
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing 'obsidian-cli' via a third-party Homebrew tap (yakitrak/yakitrak/obsidian-cli) which is not among the trusted vendor repositories.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to execute 'obsidian-cli', allowing the agent to search vault content and perform file system operations like creating, moving, and deleting notes.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) as it reads and processes data from user-controlled Markdown files.
  - Ingestion points: Reads Markdown notes (*.md) and vault configuration (obsidian.json).
  - Boundary markers: No delimiters or protective instructions are used to distinguish note data from agent commands.
  - Capability inventory: The skill can search, create, rename, and delete files on the local disk.
  - Sanitization: Content read from the vault is processed without validation or filtering.
Audit Metadata