Skills
skills/gwenwindflower/dotfiles/obsidian-cli/Gen Agent Trust Hub

obsidian-cli

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes an eval command (obsidian eval code="...") that permits the execution of arbitrary JavaScript within the Obsidian application environment. This dynamic code execution capability could be exploited to run malicious logic if the input is influenced by untrusted sources.
  • [DATA_EXFILTRATION]: Several commands provide access to potentially sensitive local information, including reading vault file content (obsidian read), capturing screenshots of the application (obsidian dev:screenshot), and accessing application console logs (obsidian dev:console).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is designed to ingest and process data from local notes. Malicious instructions embedded within a note could be executed by the agent upon reading.
  • Ingestion points: SKILL.md (via obsidian read, obsidian search, obsidian dev:console)
  • Boundary markers: Absent
  • Capability inventory: obsidian create, obsidian eval, obsidian append across SKILL.md
  • Sanitization: Absent
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 06:00 AM
Security Audit — agent-trust-hub — obsidian-cli