obsidian-knowledge
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its processing of user-controlled or externally sourced vault data.
  - Ingestion points: Content is ingested from the vault via 'obsidian read' and 'obsidian daily:read' operations (SKILL.md).
  - Boundary markers: There are no specific instructions to treat ingested note content as data rather than instructions, nor are there delimiters used to isolate this content.
  - Capability inventory: The skill has the ability to write to the filesystem, move files, and execute CLI commands based on its analysis of the vault content (SKILL.md).
  - Sanitization: No validation or sanitization of the content read from the vault is performed before processing.
- [COMMAND_EXECUTION]: The skill uses shell commands and a CLI tool to interact with the environment.
  - Commands include the 'obsidian' CLI for vault management, as well as 'open', 'sleep', and 'mv' for process and file management (SKILL.md).
  - The skill retrieves and potentially exposes the absolute filesystem path of the vault through the command 'obsidian vault info=path' (SKILL.md).
Audit Metadata