codex-obsidian
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install external packages from third-party sources.
- Evidence: `npm install -g @bitbonsai/mcpvault` and `cli-hub install obsidian` in SKILL.md.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to install software and configure the agent's environment.
- Evidence: Use of `npm`, `npx`, and `codex mcp add` commands in SKILL.md.
- [DATA_EXFILTRATION]: The skill is designed to grant the agent read and write access to a local Obsidian vault, which contains private user data.
- Evidence: Instructions for authorizing vault folders and providing vault paths to the MCP server.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from the user's Obsidian vault.
- Ingestion points: Local files within the Obsidian vault path provided by the user (SKILL.md).
- Boundary markers: None identified in the skill instructions to separate file content from system instructions.
- Capability inventory: The skill provides read and write access to the local file system via the configured MCP server (SKILL.md).
- Sanitization: No sanitization or validation of the vault content is mentioned before it is processed by the agent.
Audit Metadata