obsidian-notes

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is entirely focused on managing local Obsidian notes and does not exhibit any patterns related to data exfiltration, obfuscation, or unauthorized access.
  • [COMMAND_EXECUTION]: The skill utilizes the obsidian CLI tool (via commands like obsidian vault info=path) to retrieve information about the user's local vault. These commands are executed within a local context and are consistent with the skill's stated purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data by reading local markdown files from the Obsidian vault, which serves as an attack surface for indirect prompt injection.
      • Ingestion points: SKILL.md specifies reading Vault Organization.md and Resources/Frontmatter Conventions.md to establish the source of truth for the vault.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when reading these files.
      • Capability inventory: The skill is granted access to the Bash tool (specifically for obsidian commands) and the Read tool as per the SKILL.md manifest.
      • Sanitization: No explicit sanitization or validation of the content of the markdown files is performed before the agent processes them.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 03:46 PM