Skills
skills/nweii/agent-stuff/obsidian-clis/Gen Agent Trust Hub

obsidian-clis

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the obsidian and notesmd-cli binaries to perform file system operations and control the Obsidian application. It uses the dynamic context injection syntax (!which) to detect if these tools are installed on the system PATH.
  • [REMOTE_CODE_EXECUTION]: Documents the obsidian eval command, which allows the agent to execute JavaScript within the Obsidian application context for advanced automation or inspection.
  • [PROMPT_INJECTION]: The skill processes markdown files from the user's vault, which represents an attack surface for indirect prompt injection if note content contains malicious instructions.
  • [SAFE]: External documentation links point to official Obsidian repositories on GitHub, which are recognized as safe sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 04:12 PM