obsidian-second-brain
Fail
Audited by Snyk on Jun 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Most links are GitHub/Gist resources (including a reputable Karpathy gist) and benign content (YouTube/example), but the set includes direct raw.githubusercontent.com shell-install scripts and instructions to curl|bash or npx-install code from third-party GitHub accounts (akillness, eugeniughelbur), which is a high-risk pattern because running unvetted remote scripts or installing executables from unknown repos can deliver malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes
/obsidian-ingest <url|file|image|audio>which fetches/reads outsider-provided web content (public pages) or outsider-authored media/transcripts, then rewrites/saves that readable text into the vault/LLM context—an indirect prompt-injection exposure path.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's install instructions explicitly fetch-and-run remote code (e.g., "curl -fsSL https://raw.githubusercontent.com/akillness/obsidian-second-brain/main/scripts/quick-install.sh | bash" and the git clone of https://github.com/akillness/obsidian-second-brain followed by "bash .../scripts/setup.sh"), which downloads and executes external scripts during setup and therefore can directly execute code that controls the agent.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata