obsidian-cli
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/open-uri.sh` script contains a command injection vulnerability on Windows. It executes `cmd.exe /c start "" "$URI"`, allowing an attacker to run arbitrary system commands by including shell metacharacters (e.g., `&`, `|`, `^`) in the URI parameter.
- [REMOTE_CODE_EXECUTION]: The skill documents and enables the use of the `obsidian eval` command, which allows the execution of arbitrary JavaScript code within the Obsidian application. This dynamic execution capability can be exploited to bypass security controls or access the underlying system through the application's context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: Untrusted data is ingested from Obsidian notes via the `obsidian read` command.
  2. Boundary markers: None are defined to separate note content from agent instructions.
  3. Capability inventory: The skill has access to powerful tools including arbitrary code execution (`eval`), file system modifications (`create`), and screen capture (`dev:screenshot`).
  4. Sanitization: No sanitization is performed on content read from notes.
- [DATA_EXFILTRATION]: The skill provides comprehensive access to a user's Obsidian vaults through commands like `obsidian read` and `obsidian search`. This capability can be leveraged to access and potentially exfiltrate sensitive personal information stored in notes.
Recommendations
- AI detected serious security threats
Audit Metadata