obsidian

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the 'obsidian-cli' utility via the Homebrew tap 'yakitrak/yakitrak/obsidian-cli'. This is the standard distribution channel for this tool.
  • [COMMAND_EXECUTION]: The skill executes shell commands using 'obsidian-cli' to search, create, move, and delete files within the user's Obsidian vaults. It also reads the Obsidian configuration file at '~/Library/Application Support/obsidian/obsidian.json' to identify vault locations.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading user-controlled Markdown notes. Ingestion points: reads '.md' files from local vaults. Boundary markers: absent. Capability inventory: file creation, movement, and deletion via 'obsidian-cli'. Sanitization: absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — obsidian