100Critical
The skill allows arbitrary shell command
Behavior Analysis
Description verified — behavior matches claim
Claims to do
Image Metadata from Cache: Retrieves AI-generated title, keywords, and description for images in a note by reading the **ai-image-analyzer** plugin cache. Run the script with vault root and note path; it returns a JSON array of cached image metadata.
Actually does
The skill executes a Python script via `Bash` using `uv run python`. This script reads an Obsidian note file and then accesses the `vault/.obsidian/plugins/ai-image-analyzer/cache/` directory to retrieve cached image metadata. It outputs a JSON array containing image paths and their associated textual metadata to standard output.
Skill Info
Nameyixin0829/semantic-obsidian/image-metadata-from-cache
Registrygithub
Versionfd72fc4eac5b
PURLpkg:github/yixin0829/semantic-obsidian@fd72fc4eac5b?skill=image-metadata-from-cache
Stars2
Source
SHA-2560516085cebb3...
SHA-1d7aed15e8643...
MD51dc2d3f4f7e0...
TLSHe251b40e3da1...
Size2,774 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (2)
AI Agent Traps ↗Arbitrary Command Execution via Bash Toolcriticalcommand execution
The skill explicitly allows the `Bash` tool, enabling the AI agent to execute arbitrary shell commands on the host system, leading to potential system compromise.
100% confidenceline 4
allowed-tools: Read, Glob, Bash
Potential Command Injection in Script Argumentshighcommand execution
User-controlled `vault_path` and `note_path` are passed to a Python script executed via `Bash`. If not sanitized, these inputs could be exploited for command injection within the script.
80% confidenceline 19
uv run python .cursor/skills/image-metadata-from-cache/scripts/get_image_metadata.py <vault_path> <note_path>
Broad File System Read Accessmediumreconnaissance
The skill requires access to the Obsidian vault and its plugin cache, implying broad file system read access. Combined with `Bash`, this could be used for unauthorized data reconnaissance or exfiltration.
70% confidence
Arguments: vault_path — Obsidian vault root... Cache Dir: vault/.obsidian/plugins/ai-image-analyzer/cache/
Oversight Evasion: 'Read-only' vs. Bash Capabilitymediumoversight evasion
The skill claims to be 'Read-only' but explicitly allows the `Bash` tool, which grants capabilities for write operations and system modifications, potentially misleading human overseers.
90% confidence
description: ... Read-only; does not modify notes or embeds. and allowed-tools: Read, Glob, Bash
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/yixin0829/semantic-obsidian/image-metadata-from-cache)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/yixin0829/semantic-obsidian/image-metadata-from-cache"><img src="https://mondoo.com/ai-agent-security/api/badge/github/yixin0829/semantic-obsidian/image-metadata-from-cache.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/yixin0829/semantic-obsidian/image-metadata-from-cache.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow