obsidian
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to use the obsidian-cli utility to perform actions such as searching for notes, reading content, and managing vault files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes content from markdown notes that may contain instructions for the agent. Ingestion points: Note content read via obsidian-cli search-content or direct file access. Boundary markers: No delimiters or ignore instructions are specified for handling note data. Capability inventory: Includes the ability to execute CLI commands and write to the local filesystem. Sanitization: No sanitization or validation of the ingested note content is described.
Audit Metadata