Skills
skills/zpankz/obsidian-skills/datacore/Gen Agent Trust Hub

datacore

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Mentions the official Datacore plugin repository on GitHub as an installation source via the BRAT plugin.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it facilitates the rendering of untrusted data from the user's Obsidian vault (file paths, content, and fields) within JSX views and queries without explicit sanitization.
  • Ingestion points: Data is ingested via dc.useQuery, dc.useCurrentFile, and dc.embed in SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore embedded content are provided in the examples.
  • Capability inventory: The skill documentation enables the generation of JSX/React code that executes within the Obsidian application environment.
  • Sanitization: No sanitization or escaping techniques are demonstrated for data interpolated into query strings or UI components.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 02:49 PM