obsidian-bases
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a documentation guide and syntax reference for the Obsidian Bases plugin. It includes code block examples for creating structured YAML configuration files and does not contain any executable scripts or binary payloads.
- [DATA_EXFILTRATION]: The skill documents functions for accessing file metadata (such as
file.path,file.size, andfile.mtime) and afile(path)function. These are standard features for a vault-based data dashboard and are used here for legitimate sorting and filtering within the local Obsidian environment without instructions for network exfiltration. - [PROMPT_INJECTION]: The skill documents a data ingestion surface where the agent generates queries that process untrusted data from Obsidian notes.
- Ingestion points: Obsidian vault notes, frontmatter properties, and file system metadata (SKILL.md).
- Boundary markers: Absent. The skill does not provide specific instructions for the agent to wrap untrusted content in delimiters.
- Capability inventory: The agent can create and edit .base files which support a custom expression language and raw HTML rendering (SKILL.md).
- Sanitization: The skill documents an
escapeHTML()function but also includes anhtml()function for raw rendering, which is a documented feature of the target plugin.
Audit Metadata