obsidian-vault-manager

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/convert_zhcn_to_zhtw.py is configured to automatically install the opencc-python-reimplemented==0.1.7 package from an external registry using pip or uv if the dependency is missing. Runtime installation of third-party packages without prior security verification introduces a supply chain risk.
  • [COMMAND_EXECUTION]: The skill's reference file references/obsidian-cli.md explicitly documents how to use sensitive commands such as eval code=<javascript> and dev:cdp. These commands enable arbitrary code execution and deep inspection of the Obsidian application environment, posing a significant risk if the agent is manipulated into running them.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted user-controlled data (markdown notes) from the Obsidian vault. This provides a vector for indirect prompt injection, where malicious content within a note could override the agent's instructions during summarization or knowledge extraction tasks.
      • Ingestion points: Note contents are read and processed for health checks and knowledge extraction as described in references/knowledge-management.md.
      • Boundary markers: No specific delimiters or safety instructions for handling user data were identified in the scripts or prompts.
      • Capability inventory: The agent has capabilities to modify files, delete content, and execute Obsidian CLI commands (including eval).
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from vault notes before it is analyzed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 16, 2026, 03:09 PM