obsidian
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use obsidian-cli for vault operations, including searching note titles and content, and creating, moving, or deleting Markdown files. It also reads the local configuration file at ~/Library/Application Support/obsidian/obsidian.json to discover active vaults.- [EXTERNAL_DOWNLOADS]: The skill metadata recommends the installation of the obsidian-cli utility from the yakitrak/yakitrak/obsidian-cli Homebrew tap.- [PROMPT_INJECTION]: The skill reads content from user-provided Markdown notes, creating an attack surface for indirect prompt injection.
- Ingestion points: Markdown notes (*.md) located within Obsidian vaults.
- Boundary markers: The skill does not define specific delimiters for vault content or instructions to ignore embedded commands.
- Capability inventory: File system operations (search, create, move, delete) via obsidian-cli.
- Sanitization: No sanitization or validation of the ingested note content is performed.
Audit Metadata