obsidian-second-brain

Fail

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation in SKILL.md and references/install.md explicitly instructs users to perform installation by piping a remote shell script from GitHub directly into bash (curl -fsSL ... | bash).
  • [EXTERNAL_DOWNLOADS]: The installation and setup processes rely on downloading external scripts and cloning repositories from GitHub, as seen in scripts/install.sh and the installation guides.
  • [COMMAND_EXECUTION]: The scripts/install.sh script uses jq to programmatically modify the ~/.jeo/config.json file. This action registers a persistent post-turn hook that executes a validation script whenever tools are used, which is a form of automated persistence.
  • [COMMAND_EXECUTION]: The skill uses various high-leverage CLI tools including git, npx, and uv to manage the environment and install dependencies.
  • [PROMPT_INJECTION]: The /obsidian-ingest feature introduces a surface for indirect prompt injection. By fetching and processing content from external URLs, PDFs, and media transcripts, the skill could ingest malicious instructions that manipulate how the AI agent summarizes or rewrites vault content.
  • Ingestion points: references/commands.md describes /obsidian-ingest taking URLs and files as input.
  • Boundary markers: No explicit prompt delimiters or instructions to ignore embedded commands were found in the provided files.
  • Capability inventory: The skill has broad permissions including Bash execution and full file system access (Read, Write, Edit).
  • Sanitization: There is no evidence of sanitization or filtering of external data before it is processed by the AI to update the vault.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/akillness/obsidian-second-brain/main/scripts/quick-install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 27, 2026, 04:58 AM
Security Audit — agent-trust-hub — obsidian-second-brain