obsidian
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the 'obsidian-cli' utility via the Homebrew tap 'yakitrak/yakitrak/obsidian-cli'. This is the standard distribution channel for this tool.
- [COMMAND_EXECUTION]: The skill executes shell commands using 'obsidian-cli' to search, create, move, and delete files within the user's Obsidian vaults. It also reads the Obsidian configuration file at '~/Library/Application Support/obsidian/obsidian.json' to identify vault locations.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading user-controlled Markdown notes. Ingestion points: reads '.md' files from local vaults. Boundary markers: absent. Capability inventory: file creation, movement, and deletion via 'obsidian-cli'. Sanitization: absent.
Audit Metadata