obsidian-dataview
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides documentation for 'dataviewjs' blocks and the 'dv.executeJs()' function. These features allow the agent to generate and potentially trigger the execution of arbitrary JavaScript code within the Obsidian application.
- [COMMAND_EXECUTION]: The documentation for 'dv.view()' in 'references/javascript-api.md' describes a mechanism for dynamically loading and executing JavaScript files stored within the vault, which constitutes a dynamic code execution surface.
- [DATA_EXFILTRATION]: API methods such as 'dv.io.load()' and 'dv.page()' are documented, which grant the ability to read the full content of any file in the Obsidian vault. This capability could be leveraged to expose sensitive local data if manipulated by a malicious input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it is designed to ingest and process data from user-controlled notes.
  - Ingestion points: Data is ingested via 'dv.pages()', 'dv.io.load()', and the implicit metadata fields described in 'references/metadata-and-types.md'.
  - Boundary markers: The skill does not provide specific instructions or delimiters to help the agent distinguish between note data and instructions.
  - Capability inventory: The skill enables file reading ('dv.io.load'), script execution ('dv.view', 'dataviewjs'), and external link generation ('elink').
  - Sanitization: There are no instructions for sanitizing or validating the data retrieved from notes before it is used in query generation or displayed.
Audit Metadata