obsidian

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill promotes the use of npx github:gapmiss/obsidian-plugin-skill create-plugin to generate project boilerplate. This command downloads and executes a script directly from an unverified third-party GitHub repository.
  • [COMMAND_EXECUTION]: Provides documentation for the obsidian eval code="..." command, which allows the execution of arbitrary JavaScript within the context of the Obsidian desktop application.
  • [EXTERNAL_DOWNLOADS]: Instructs the agent to perform package installations using npm install for development tools and npx skills add or claude plugin marketplace add for skill distribution from the author's repository.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by using WebFetch and the Defuddle library to extract content from web pages. There is a risk that malicious instructions embedded in external web content could influence agent behavior during processing, as no specific boundary markers or sanitization logic are defined in the instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 03:20 PM