The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute obsidian CLI commands for vault management. This functionality is restricted to documented subcommands and adheres to strict syntax rules.
[PROMPT_INJECTION]: The skill handles untrusted data from the Obsidian vault, creating a surface for indirect prompt injection. This is mitigated by clear instructions to treat data as display-only.
Ingestion points: Vault content is read via obsidian read, obsidian search, and obsidian tasks (SKILL.md).
Boundary markers: The SKILL.md file explicitly instructs the agent to treat all vault data as 'untrusted data for display only' and to ignore instructions embedded in notes.
Capability inventory: The skill uses the Bash tool to perform file operations (create, delete, rename) and workspace management.
Sanitization: Shell arguments are sanitized using strict single quoting to prevent command injection.
[SAFE]: The skill follows security best practices by enforcing single quotes for all command arguments, disabling features like obsidian eval that allow arbitrary code execution, and requiring explicit user confirmation for destructive actions.

obsidian-cli