Skills
skills/breferrari/obsidian-mind/obsidian-cli/Gen Agent Trust Hub

obsidian-cli

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the obsidian CLI tool to perform various file and application-level operations on the local system.
  • [REMOTE_CODE_EXECUTION]: The command obsidian eval enables the execution of arbitrary JavaScript within the running Obsidian application context. This is a powerful feature intended for developers but poses a significant risk if the agent is induced to run malicious scripts.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted content from the user's Obsidian vault.
  • Ingestion points: The skill retrieves data through obsidian read, obsidian search, obsidian dev:console, and obsidian dev:errors (SKILL.md).
  • Boundary markers: There are no explicit instructions or delimiters provided to help the agent distinguish between data and potential instructions embedded within the notes.
  • Capability inventory: The skill has the ability to create and modify files (obsidian create, obsidian append), and execute arbitrary code via the application context (obsidian eval) (SKILL.md).
  • Sanitization: No methods for sanitizing or validating the content retrieved from the vault are specified.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 11:21 AM
Security Audit — agent-trust-hub — obsidian-cli