obsidian

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (CRITICAL): Automated security scanning (URLite) identified a blacklisted URL in the skill's 'Requirements.md' file. This detection indicates the presence of links to known malicious domains within the skill repository.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and organize local Markdown vaults where untrusted data could contain instructions targeting the agent.
      1. Ingestion points: local Markdown files in '~/Documents/ObsidianVault'.
      2. Boundary markers: Absent.
      3. Capability inventory: Uses 'Dataview' and 'Templater' plugins which can execute logic or queries based on note content.
      4. Sanitization: No sanitization or escaping of external note content is implemented.
  • COMMAND_EXECUTION (SAFE): The installation instructions for the Obsidian application utilize standard system package managers (Homebrew, Flatpak) and point to official project websites.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 20, 2026, 04:01 PM