obsidian-project-kb-core

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts in the scripts/ directory use subprocess.check_output to interact with the local git environment (git rev-parse --show-toplevel) and to execute internal helper scripts (e.g., kb_registry_check.py). These calls are used for deterministic data processing and local repository state management, and they do not involve arbitrary or untrusted command strings.
  • [DATA_EXPOSURE]: The skill reads and writes project metadata to the .claude/project-memory/ directory. This is used for binding the repository to a specific project root in the Obsidian vault. This is a functional requirement for the skill's operation and does not involve sensitive user credentials or system secrets.
  • [REMOTE_CODE_EXECUTION]: The skill uses yaml.safe_load for parsing configuration files, which is a secure practice that prevents the execution of arbitrary Python objects during deserialization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 11:27 PM