obsidian
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of an external binary 'obsidian-cli' from a third-party GitHub repository (yakitrak/obsidian-cli) using the Homebrew package manager.
- [COMMAND_EXECUTION]: The skill uses 'obsidian-cli' to perform file system operations, including searching, creating, moving, and deleting files within the local Obsidian vault. It also reads the application's configuration file located at '~/Library/Application Support/obsidian/obsidian.json' to identify active vaults.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of Markdown files which could contain malicious instructions. * Ingestion points: Content is read from Markdown notes (*.md) via 'obsidian-cli search-content' or direct file access. * Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the prompt templates. * Capability inventory: The agent has the ability to create, rename, and delete files within the vault using the 'obsidian-cli'. * Sanitization: There is no evidence of content sanitization or validation before the Markdown data is interpreted by the agent.
Audit Metadata