obsidian-vault-builder

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a template for a JavaScript macro (transcribeVoice.js) that utilizes child_process.execFile to execute a local binary (claude.exe) with arguments. This pattern allows the agent or user to spawn subprocesses with dynamically constructed prompts.
  • [DYNAMIC_EXECUTION]: The skill includes complete JavaScript code snippets for implementation as QuickAdd User Scripts. These scripts load internal Node.js modules like child_process, path, and util to perform file system operations and execute commands outside the typical AI agent sandbox.
  • [EXTERNAL_DOWNLOADS]: The documentation references multiple third-party Obsidian plugins and an "obsidian.com" CLI tool. Some recommended plugins (e.g., Claudian, ObsidiBot) are explicitly described as being unavailable in the official Obsidian store, necessitating the use of the "BRAT" plugin for direct installation from GitHub. The use of a command named obsidian.com is particularly notable on Windows systems, where the .com extension represents an executable file format, posing a potential risk if a malicious file with that name is present in the working directory.
  • [DATA_EXFILTRATION]: The skill details the use of curl to interact with the Obsidian Local REST API, involving the handling of sensitive bearer tokens ($OBSIDIAN_REST_API_KEY). While the examples target localhost, the methodology establishes a capability for network-based data movement from the vault environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes arbitrary Markdown content from a user's vault to automate workflows. The transcribeVoice.js script interpolates external file paths directly into prompts for secondary AI processes without boundary markers or sanitization, creating an attack surface where untrusted vault content could influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 03:39 AM
Security Audit — agent-trust-hub — obsidian-vault-builder