obc
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely within the user's local environment or authorized integrations. It relies on a local binary (/usr/local/bin/obsidian) and a set of local shell scripts to process vault data.
- [COMMAND_EXECUTION]: The skill frequently executes shell scripts (scripts/*.sh) and the Obsidian CLI to perform read and search operations. These operations are limited to the scope of the Obsidian vault and standard productivity tools.
- [DATA_EXPOSURE]: The skill handles highly sensitive information, including personal journals, emails, and financial planning data (via /money). Analysis shows this data is used for grounding the agent's reasoning and is not transmitted to unauthorized external domains.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its core functionality.
  - Ingestion points: Processes all markdown files in the vault, including daily notes, project contexts, and external social media content retrieved via /xdaily.
  - Boundary markers: Absent. The instructions do not define delimiters to separate system instructions from the untrusted content found in notes.
  - Capability inventory: Extensive. The skill can write files, send emails (via Gmail MCP), modify calendars, and execute shell commands.
  - Sanitization: Not observed. Note content is directly used to generate summaries and synthesize narratives. While this is a structural risk, it is inherent to the intended use case of a PKM agent.
Audit Metadata