obsidian
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes scripts (`obsidian-api.py`, `obsidian-vault.sh`) designed to interact with the local filesystem and the Obsidian application. It provides capabilities to read, write, and delete files within an Obsidian vault, and to execute Obsidian application commands via its Local REST API and URI scheme. These functions are consistent with the skill's primary purpose of vault management.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it is designed to ingest and process markdown notes from a vault.
  - Ingestion points: `scripts/obsidian-api.py` (reads note content via API), `scripts/obsidian-vault.sh` (reads notes via grep/cat).
  - Boundary markers: None implemented in scripts to distinguish between instructions and data.
  - Capability inventory: File system writes (vault-scoped), Obsidian command execution (app-scoped).
  - Sanitization: No content sanitization is performed on ingested note data.
- [REMOTE_CODE_EXECUTION]: The Python client `scripts/obsidian-api.py` explicitly disables SSL verification (`urllib3.disable_warnings` and `verify_ssl=False`) to accommodate the self-signed certificates typically used by the Obsidian Local REST API plugin on `127.0.0.1`. This is a documented requirement for the plugin's functionality and is restricted to local traffic.
Audit Metadata