Skills
skills/zhanlincui/ultimate-agent-skills-collection/obsidian-helper/Gen Agent Trust Hub

obsidian-helper

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and summarizes external note data.
  • Ingestion points: Data is ingested via obsidian_get_file_contents and obsidian_batch_get_file_contents tools.
  • Boundary markers: The skill does not implement delimiters or 'ignore' instructions when processing vault content.
  • Capability inventory: The skill has permissions to write to the file system using obsidian_append_content and obsidian_patch_content.
  • Sanitization: Retrieved content is not sanitized or escaped before being processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The configuration guide directs users to download a package from the npm registry.
  • Evidence: Setup instructions recommend running npx -y mcp-obsidian.
  • Context: This targets a well-known service (npm) for standard tool installation.
  • [COMMAND_EXECUTION]: The documentation provides bash commands for the user to configure their local environment.
  • Evidence: Commands such as mkdir -p ~/.claude and cat >> ~/.claude/mcp.json are presented in the setup section.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 05:10 PM