obs-memory

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands including mkdir, cp, git, and a third-party obsidian CLI tool to manage the knowledge vault. While these are necessary for functionality, there is a potential risk of command injection if variables like project names or search queries containing shell metacharacters are not properly handled by the agent environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. During the analyze and recap phases, it reads content from external project files (such as README.md, CLAUDE.md, and ADRs) and incorporates this data into vault notes. Malicious instructions embedded in these files could be executed by the agent or influence its future behavior when it later references those notes.
      • Ingestion points: Reads various project files like package.json, README.md, and CLAUDE.md during the analyze command in SKILL.md.
      • Boundary markers: None identified; external content is read and synthesized directly into notes.
      • Capability inventory: Includes file system access (mkdir, cp), execution of git and obsidian CLI commands, and file writing capabilities across the vault structure.
      • Sanitization: No explicit sanitization or escaping of external content before writing it to the vault or passing it to CLI commands is described.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 12:05 PM