Skills
skills/prakharmnnit/skills-and-personas/obsidian-cli/Gen Agent Trust Hub

obsidian-cli

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill exposes an eval command (obsidian eval code="...") which facilitates the execution of arbitrary JavaScript within the context of the running Obsidian application.
  • [COMMAND_EXECUTION]: The dev:cdp command enables interaction with the Chrome DevTools Protocol, allowing for low-level application manipulation and data access.
  • [EXTERNAL_DOWNLOADS]: The plugin:install command allows the agent to download and install external code (Obsidian plugins) from the community marketplace at runtime.
  • [EXTERNAL_DOWNLOADS]: The documentation includes instructions for installing the obsidian-headless package globally via npm, which introduces an external dependency.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data-processing capabilities.
  • Ingestion points: The agent can ingest untrusted data from the vault using obsidian read, obsidian template:read, and obsidian search.
  • Boundary markers: There are no documented delimiters or instructions to treat file content as untrusted data.
  • Capability inventory: The skill provides high-impact capabilities including obsidian eval, obsidian dev:cdp, obsidian plugin:install, and the ability to delete or move files.
  • Sanitization: No sanitization or validation of data retrieved from the vault is mentioned before being used in potentially dangerous operations.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 17, 2026, 11:38 PM