Skills
skills/zhuxining/agentos/obsidian-knowledge/Gen Agent Trust Hub

obsidian-knowledge

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses system shell commands, including obsidian, open, and sleep, to automate the Obsidian application and perform file operations.
  • [DATA_EXFILTRATION]: The skill interacts with the local file system to read vault content and uses CLI commands to reveal the absolute system path of the Obsidian vault.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes content from user-generated notes and external web sources.
  • Ingestion points: SKILL.md (uses obsidian read and obsidian search to fetch data).
  • Boundary markers: Absent. No specific delimiters are defined for the ingested content.
  • Capability inventory: SKILL.md (has the ability to create, append, and move files, and update note properties).
  • Sanitization: Partial. The skill instructs the agent to avoid notes with privacy tags (#Private, #Key) but does not validate the content of the notes it processes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 04:34 AM
Security Audit — agent-trust-hub — obsidian-knowledge