The Agent Skills Directory

[PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
Ingestion points: The skill is designed to ingest data from external sources such as conversation history (Workflows/CaptureKnowledge.md) and external project documentation (Workflows/SyncDocs.md).
Boundary markers: There are no explicit instructions or delimiters in the workflows or scripts to isolate untrusted content or instruct the agent to ignore embedded instructions.
Capability inventory: The skill possesses file-writing capabilities (Tools/BaseBuilder.py) and interacts with the Obsidian REST API for search and note management.
Sanitization: No sanitization or validation logic for external content is present in the provided tools.
[DATA_EXFILTRATION] (LOW): SSL Verification Disabled.
Evidence: The search utility in Tools/SearchVault.py initializes the httpx.Client with verify=False in the _client() function.
Risk: This allows for potential Man-in-the-Middle (MITM) attacks. While typically used for local self-signed certificates in Obsidian, this practice could expose the OBSIDIAN_API_KEY if the connection is intercepted or routed through an untrusted network.
[COMMAND_EXECUTION] (LOW): Recommended Persistent Execution Mechanism.
Evidence: IntegrationPatterns.md suggests setting up a Git hook (post-commit) that executes claude automatically. If the repository is shared or compromised, an attacker could use this to trigger agent execution with malicious context in a persistent manner.
[NO_CODE] (LOW): Missing Referenced Tool Scripts.
Evidence: The SKILL.md and several workflows reference Tools/VaultManager.py and Tools/NoteCreator.py, but these core scripts are missing from the provided skill files, limiting the audit of their specific logic.
[EXTERNAL_DOWNLOADS] (SAFE): Standard Dependency Requirements.
Evidence: The skill documentation requires the installation of standard packages (click, httpx, pyyaml) and several community-developed Obsidian plugins.

obsidian-master-skill