Obsidian Markdown (kepano)

Security checks across malware telemetry and agentic risk

Overview

This skill is an offline Obsidian Markdown reference and does not request code execution, credentials, installation steps, or persistent access.

This appears safe to install as a documentation-only skill. Use normal care with generated Obsidian notes: review external image links before sharing or opening sensitive notes, since Markdown viewers may fetch remote resources when rendering them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Low

Confidence: 86% confidence
Finding: The description says to use the skill when working with .md files in Obsidian, or when the user mentions common concepts like tags, embeds, or frontmatter. Several of these terms are used outside Obsidian-specific contexts, so the trigger scope is somewhat broad and lacks explicit exclusion examples for ordinary markdown requests.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal