obsidian-check
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs official and well-known development dependencies, including eslint and eslint-plugin-obsidianmd, via the npm registry to support code analysis.
- [COMMAND_EXECUTION]: Executes shell commands such as npm install, npx tsc, and npx eslint to perform static analysis and ensure project health.
- [PROMPT_INJECTION]: The skill ingests untrusted local source code, creating an indirect prompt injection attack surface.
  - Ingestion points: local source files in the src/ directory and project configuration files like package.json and manifest.json.
  - Boundary markers: the skill lacks explicit boundary markers or instructions to the agent to ignore instructions embedded in the analyzed code.
  - Capability inventory: includes the ability to execute shell commands and write to the local file system during automated fix procedures.
  - Sanitization: no specific sanitization or escaping of ingested file content is performed prior to processing.
Audit Metadata