obsidian-plugin
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides extensive documentation on security best practices, specifically warning against XSS vulnerabilities (
innerHTML) and recommending safe API alternatives (requestUrlinstead offetch). - [COMMAND_EXECUTION]: The skill includes a boilerplate generator (
scripts/create-plugin.js) and an environment setup script (scripts/install.sh). These scripts use standard Node.js and Bash commands to create file structures and manage project configurations. User-provided input for project names and IDs is sanitized and validated using regex before being used in file generation. - [EXTERNAL_DOWNLOADS]: The setup instructions involve installing standard development dependencies from the npm registry (e.g.,
eslint-plugin-obsidianmd,esbuild) and usingnpxto execute the generator directly from the project's repository. These are established workflows for plugin development.
Audit Metadata