obsidian-cli

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves as a guide and wrapper for the official Obsidian CLI, enabling users to automate their local notes and application state. No suspicious external connections or obfuscated payloads were detected.
  • [COMMAND_EXECUTION]: Local bash scripts (scripts/run-command.sh and scripts/open-uri.sh) facilitate interactions with the Obsidian binary and URI handoff. These scripts use safe execution patterns and are limited to local app control.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it interacts with untrusted data in note files.
  • Ingestion points: Data enters the context via the obsidian read and obsidian search commands used in SKILL.md and related scripts.
  • Boundary markers: None are present to distinguish vault content from agent instructions.
  • Capability inventory: The skill allows the use of the Bash tool and the obsidian eval command (documented in references/commands-and-developer-tools.md), which can execute code within the app.
  • Sanitization: There is no specific logic to sanitize or escape data read from the vault before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — obsidian-cli