Skills
skills/zhanlincui/agent-skills-hunter/obsidian-helper/Gen Agent Trust Hub

obsidian-helper

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill reads user-controlled data from Obsidian notes to generate summaries and manage tasks, creating a surface for indirect prompt injection. \n
  • Ingestion points: Note content is retrieved via obsidian_get_file_contents and obsidian_batch_get_file_contents in SKILL.md (e.g., during /daily and /review workflows). \n
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands when processing note content. \n
  • Capability inventory: The skill can create and modify files in the Obsidian vault using obsidian_append_content and obsidian_patch_content tools. \n
  • Sanitization: No sanitization or validation of the ingested note content is performed before it is processed by the AI.\n- [EXTERNAL_DOWNLOADS]: The skill recommends installing the mcp-obsidian package from the official NPM registry. This is a standard and well-known tool required for the skill's core functionality.\n- [COMMAND_EXECUTION]: The SKILL.md and README.md files provide shell commands (e.g., cat, mkdir) for the user to manually configure the local MCP settings in ~/.claude/mcp.json. These commands are provided for user-initiated configuration and are transparent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 02:59 AM