skills/steipete/clawdis/obsidian/Gen Agent Trust Hub

obsidian

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use obsidian-cli for vault operations, including searching note titles and content, and creating, moving, or deleting Markdown files. It also reads the local configuration file at ~/Library/Application Support/obsidian/obsidian.json to discover active vaults.- [EXTERNAL_DOWNLOADS]: The skill metadata recommends the installation of the obsidian-cli utility from the yakitrak/yakitrak/obsidian-cli Homebrew tap.- [PROMPT_INJECTION]: The skill reads content from user-provided Markdown notes, creating an attack surface for indirect prompt injection.
  • Ingestion points: Markdown notes (*.md) located within Obsidian vaults.
  • Boundary markers: The skill does not define specific delimiters for vault content or instructions to ignore embedded commands.
  • Capability inventory: File system operations (search, create, move, delete) via obsidian-cli.
  • Sanitization: No sanitization or validation of the ingested note content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 05:34 PM
Security Audit — agent-trust-hub — obsidian