opencode-obsidian

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of global packages from public registries.
      • npm install -g @bitbonsai/mcpvault (npm)
      • pip install cli-anything-hub (PyPI)
  • [COMMAND_EXECUTION]: The skill uses npx and a custom CLI manager (cli-hub) to execute external code that accesses the local file system.
      • Evidence: "command": ["npx", "@bitbonsai/mcpvault", "<VAULT_PATH>"] in the configuration block.
      • Evidence: cli-hub install obsidian used for metadata and advanced operations.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting data from an external, potentially untrusted source (Obsidian vault).
      • Ingestion points: Content of the Obsidian vault specified at <VAULT_PATH>.
      • Boundary markers: No delimiters or instructions are provided to help the agent distinguish between trusted instructions and data found within the notes.
      • Capability inventory: The skill provides read and write access to the local file system within the vault scope.
      • Sanitization: No sanitization or validation of the note content is performed before the agent processes it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 02:02 PM