obsidian-qa-saver
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructions (SKILL.md) direct the agent to execute a Python script using shell commands with arguments derived from user input. Evidence: The bash block in SKILL.md specifying the call to scripts/save_to_obsidian.py. Risk: If the content, tags, or title contain shell metacharacters (e.g., semicolons, backticks, or pipes), and the agent executes the command in a shell environment without proper escaping, it could lead to arbitrary command execution. Note: The referenced script 'save_to_obsidian.py' was not provided for analysis.
- DATA_EXPOSURE (LOW): The skill requests a 'vault-path' from the user and writes files to it. Evidence: Instructions in SKILL.md Step 5. Risk: Without validation, an attacker could potentially direct the agent to overwrite or create files in sensitive system directories by providing a malicious path.
- PROMPT_INJECTION (LOW): The skill processes untrusted conversation data to generate note content.
  1. Ingestion points: Conversation history (User/Assistant turns).
  2. Boundary markers: Absent; instructions provide formatting rules but no delimiters for the untrusted content.
  3. Capability inventory: File system write access via script execution.
  4. Sanitization: Absent; the agent is not instructed to escape or sanitize content before passing it to the command line.