obsidian-cli
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a guide and wrapper for the official Obsidian CLI, enabling users to automate their local notes and application state. No suspicious external connections or obfuscated payloads were detected.
- [COMMAND_EXECUTION]: Local bash scripts (scripts/run-command.sh and scripts/open-uri.sh) facilitate interactions with the Obsidian binary and URI handoff. These scripts use safe execution patterns and are limited to local app control.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it interacts with untrusted data in note files.
- Ingestion points: Data enters the context via the obsidian read and obsidian search commands used in SKILL.md and related scripts.
- Boundary markers: None are present to distinguish vault content from agent instructions.
- Capability inventory: The skill allows the use of the Bash tool and the obsidian eval command (documented in references/commands-and-developer-tools.md), which can execute code within the app.
- Sanitization: There is no specific logic to sanitize or escape data read from the vault before the agent processes it.
Audit Metadata