The skill allows command injection and
Claims to do
P.A.R.A. Manager Skill: Assistant for managing P.A.R.A. personal knowledge system (Projects, Areas, Resources, Archives) in Obsidian through natural dialogue.
Actually does
This skill uses `obsidian-cli` to create, open, search, and move files and folders within an Obsidian vault, adhering to a P.A.R.A. (Projects, Areas, Resources, Archives) structure. It leverages `obsidian-markdown` to format content and add metadata to these files, using built-in templates from its `references/` folder. It also reads existing files to analyze the system's status and provide recommendations.
Shell command execution function detected
system (
The matched text `system (` also occurs verbatim in the skill's own description above ("personal knowledge system (Projects, Areas, Resources, Archives)"), so this hit is consistent with a pattern match on prose rather than a call to the C library `system()` function. Confirm against the skill's source files before treating it as a shell-execution primitive; the concrete shell exposure visible on this page is the `obsidian-cli` invocation described in the findings below.
The skill drives `obsidian-cli` for file-system operations (create, move, read, search), and user-supplied values such as project and folder names end up as its arguments. If the agent assembles those arguments as a shell string rather than an argv list, shell metacharacters in a name become command injection; if names are not confined to the four P.A.R.A. folders, `..` or absolute-path components become path traversal. Either way a crafted name lets the caller create, move or overwrite files wherever the agent's own file-system permissions reach, not just inside the vault.
Create folders via obsidian-cli skill
The skill uses `obsidian-cli` to 'search and read files in P.A.R.A. folders' for system analysis. If user input can influence the search path or query, the same read capability can be pointed outside the four P.A.R.A. folders to enumerate or read files elsewhere in the vault or on the host, and their contents then flow back into the agent's context. The check is the same as for writes: resolve the requested path and confirm it still lies under the intended folder before reading it.
Read structure: use obsidian-cli to search and read files in P.A.R.A. folders
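The two findings above share one fix: build the `obsidian-cli` argument vector as a list (so no shell parses it) and resolve every user-derived path against the vault before use. The following is an added example written for this page, not code from the skill or from `obsidian-cli`; the `obsidian-cli create <path>` subcommand shape is assumed for illustration, and the vault is a throw-away temporary directory so the example runs offline.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed throw-away vault so the example runs offline; a real skill
# would point this at the user's Obsidian vault.
VAULT = Path(tempfile.mkdtemp(prefix="vault-"))
PARA_FOLDERS = ("Projects", "Areas", "Resources", "Archives")
for _folder in PARA_FOLDERS:
    (VAULT / _folder).mkdir()

# Allowlist for note names: no path separators, cannot start with '.',
# no shell metacharacters, bounded length (used with fullmatch below).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,99}")


class UnsafeInput(ValueError):
    """Raised when user-supplied text must not reach the file system."""


def unsafe_shell_command(folder: str, name: str) -> str:
    """The pattern the finding warns about: user text spliced into a shell string.

    The subcommand shape is hypothetical. A name such as
    "x'; rm -rf ~; echo '" closes the quote and appends a second command.
    """
    return f"obsidian-cli create '{VAULT / folder / name}.md'"


def safe_note_path(folder: str, name: str) -> Path:
    """Map (folder, name) to a path and prove it stays inside that P.A.R.A. folder."""
    if folder not in PARA_FOLDERS:
        raise UnsafeInput(f"not a P.A.R.A. folder: {folder!r}")
    if not NAME_RE.fullmatch(name):
        raise UnsafeInput(f"disallowed note name: {name!r}")
    base = (VAULT / folder).resolve()
    target = (base / f"{name}.md").resolve()
    # Containment check as defence in depth: if NAME_RE is ever relaxed to
    # allow '/', a name like '../../.ssh/id_rsa' is still caught here.
    if target.parent != base:
        raise UnsafeInput(f"{name!r} resolves outside {folder}")
    return target


def safe_argv(folder: str, name: str) -> list[str]:
    """argv form: each element reaches execve() as-is, no shell parses it."""
    return ["obsidian-cli", "create", str(safe_note_path(folder, name))]


def create_note(folder: str, name: str) -> None:
    # shell=False (the default) plus a list argv: spaces and quotes in the
    # note name are data, not syntax.
    subprocess.run(safe_argv(folder, name), check=True)
```

The same `safe_note_path` check applies before a search or read: whatever path the agent derives from the user's request must resolve under one of the four folders, or the request is refused.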
User-provided text (e.g., project names, descriptions) is used to 'adapt content (fill {{DATE}}, {{NAME}}, etc.)' within Markdown templates. Two contexts are exposed: the YAML front matter, where a value containing a line break can add or override metadata keys or terminate the block early, and the note body, where Markdown and inline HTML are rendered. If this input is not validated and escaped for the context it lands in, an attacker who controls a name or description can inject malicious Markdown, HTML, or JavaScript into the user's knowledge base.
New project: ask name, deadline, priority, goal → use Project.md template → fill metadata
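To make the template finding concrete, here is an added example written for this page, not the skill's own code. The `Project.md` template below is a constructed stand-in for the one in the skill's `references/` folder, and the field names (name, deadline, priority, goal) follow the procedure quoted above. `naive_fill` is the pattern the finding describes; `safe_fill` validates each field and escapes it differently for the YAML front matter and for the Markdown body.

```python
import html
import json
import re
from datetime import date

# Constructed stand-in for the skill's Project.md template; the real file in
# references/ is not reproduced here.
PROJECT_TEMPLATE = """---
type: project
name: {{NAME}}
created: {{DATE}}
deadline: {{DEADLINE}}
priority: {{PRIORITY}}
---
# {{NAME}}

**Goal:** {{GOAL}}
"""

PLACEHOLDER = re.compile(r"\{\{([A-Z_]+)\}\}")
FRONT_MATTER = re.compile(r"\A---\n(.*?)\n---\n(.*)\Z", re.S)
CONTROL = re.compile(r"[\x00-\x1f\x7f]")
PRIORITIES = ("low", "medium", "high")


class TemplateInputError(ValueError):
    """User-supplied field cannot be placed in the note."""


def naive_fill(template: str, fields: dict) -> str:
    """The pattern the finding describes: raw text spliced into YAML and Markdown."""
    out = template
    for key, value in fields.items():
        out = out.replace("{{" + key + "}}", value)
    return out


def one_line(value: str, field: str, max_len: int) -> str:
    # A newline inside a front-matter value starts a new YAML key (or closes
    # the block with '---'); control characters break both YAML and Markdown.
    if CONTROL.search(value):
        raise TemplateInputError(f"{field}: line breaks/control characters not allowed")
    if not value.strip() or len(value) > max_len:
        raise TemplateInputError(f"{field}: must be 1-{max_len} visible characters")
    return value.strip()


def iso_date(value: str, field: str) -> str:
    try:
        return date.fromisoformat(value).isoformat()
    except ValueError:
        raise TemplateInputError(f"{field}: expected YYYY-MM-DD") from None


def yaml_scalar(value: str) -> str:
    # A JSON string literal is a valid YAML double-quoted scalar: quotes and
    # backslashes are escaped, so the value can never open a new key.
    return json.dumps(value, ensure_ascii=False)


def markdown_text(value: str) -> str:
    # Obsidian renders inline HTML in notes; escaping keeps '<img onerror=...>'
    # as literal text in the body.
    return html.escape(value, quote=False)


def safe_fill(name: str, deadline: str, priority: str, goal: str, today: str = "") -> str:
    """Validate each field, then escape it for the context it lands in."""
    if priority not in PRIORITIES:
        raise TemplateInputError(f"priority: must be one of {PRIORITIES}")
    fields = {
        "NAME": one_line(name, "name", 100),
        "GOAL": one_line(goal, "goal", 500),
        "DEADLINE": iso_date(deadline, "deadline"),
        "PRIORITY": priority,
        "DATE": iso_date(today or date.today().isoformat(), "today"),
    }
    m = FRONT_MATTER.match(PROJECT_TEMPLATE)
    if not m:
        raise TemplateInputError("template has no front matter block")

    def render(segment: str, escape) -> str:
        def sub(match) -> str:
            key = match.group(1)
            if key not in fields:
                raise TemplateInputError("template placeholder without a value: " + key)
            return escape(fields[key])
        return PLACEHOLDER.sub(sub, segment)

    # Front matter and body are escaped with different rules.
    return "---\n" + render(m.group(1), yaml_scalar) + "\n---\n" + render(m.group(2), markdown_text)
```

The strict placeholder handling also matters: an unfilled `{{KEY}}` left behind by a typo in a template is rejected rather than silently written into the vault.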
[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/shestera/second-brain-skills/para-manager.svg)](https://mondoo.com/ai-agent-security/skills/github/shestera/second-brain-skills/para-manager)