obsidian-plugin

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill provides extensive documentation on security best practices, specifically warning against XSS vulnerabilities (innerHTML) and recommending safe API alternatives (requestUrl instead of fetch).
  • [COMMAND_EXECUTION]: The skill includes a boilerplate generator (scripts/create-plugin.js) and an environment setup script (scripts/install.sh). These scripts use standard Node.js and Bash commands to create file structures and manage project configurations. User-provided input for project names and IDs is sanitized and validated using regex before being used in file generation.
  • [EXTERNAL_DOWNLOADS]: The setup instructions involve installing standard development dependencies from the npm registry (e.g., eslint-plugin-obsidianmd, esbuild) and using npx to execute the generator directly from the project's repository. These are established workflows for plugin development.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — obsidian-plugin