Obsidian Markdown

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Obsidian Markdown reference skill with no code, install steps, credentials, or hidden data access.

Reasonable to install for Obsidian note writing or editing. Be aware it may activate when you mention generic Markdown concepts like tags or frontmatter, and review generated changes before applying them to important vault notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest says to use the skill when working with '.md files in Obsidian, or when the user mentions wikilinks, callouts, frontmatter, tags, embeds, or Obsidian notes.' Several of these terms, especially frontmatter and tags, can appear in broader Markdown or note-taking contexts, and the description does not give exclusion conditions or negative examples to clarify when the skill should not activate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal