obsidian-markdown — agentic threat model

AIVSS 6.1 · Medium

This agent skill focuses on formatting and structuring Obsidian-flavored Markdown files. Its primary risk lies in local file system modification and potential indirect prompt injection if the host agent processes untrusted inputs into the vault.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.5 · AARS uplift 0.63 · Factor sum 1.4/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — the skill is model-agnostic and acts as an instruction set. It is vulnerable to indirect prompt injection if the underlying model processes untrusted inputs before writing markdown.

L2 · Data Operations ✓ mapped

The skill operates directly on Obsidian vault data (.md files, wikilinks, embeds). Risks include data corruption, unauthorized file modification, or directory traversal if the agent interprets pathing in wikilinks unsafely.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — the orchestration framework hosting this skill is undefined. However, insecure tool integration could allow the agent to overwrite critical system files instead of just vault files.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — the deployment environment is likely a local desktop running Obsidian, meaning host compromise or local file system exposure is the primary infrastructure threat.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — there are no built-in guardrails or logging mechanisms mentioned to monitor what markdown content or file paths the agent is generating.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — no authentication, authorization, or compliance controls are defined. Access control relies entirely on the host operating system and Obsidian application permissions.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — no multi-agent interactions are described, though the generated markdown could potentially be consumed by other automated agents parsing the same vault.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).