obsidian-process
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests and analyzes user-controlled content from an Obsidian vault. Malicious instructions placed in markdown files could influence the agent's logic during processing.
- Ingestion points:
examples/lsp_backlink_analysis.pyusesvault_path.glob("**/*.md")to read all markdown files within the target vault. - Boundary markers: No explicit delimiters or safety warnings are present to distinguish between data and instructions during processing.
- Capability inventory: The skill can modify vault files via
frontmatter_processor.pyand write analysis reports to disk as seen inexamples/lsp_backlink_analysis.py. - Sanitization: No sanitization of the markdown content is performed before analysis or reporting.
- EXTERNAL_DOWNLOADS (LOW): The setup guide in
docs/LSP_QUICKSTART.mdinstructs users to installmarkdown-oxideviacargo install. While this is necessary for the skill's primary purpose, it involves downloading and executing a third-party binary from an external source (crates.io).
Audit Metadata