skills/letta-ai/skills/obsidian-cli/Gen Agent Trust Hub

obsidian-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Dynamic Execution (HIGH): The skill documents the command obsidian eval code="..." in SKILL.md. This allows for the execution of arbitrary JavaScript within the Obsidian application context. Since Obsidian is an Electron app, this capability could be used to execute system commands or access the file system beyond the vault's scope.
  • Privilege Escalation (HIGH): The references/headless-setup.md file contains instructions using sudo to remove snaps and install deb packages (sudo dpkg -i obsidian_1.11.7_amd64.deb). Requesting that an agent or user run commands with root privileges is a high-risk pattern.
  • External Downloads (MEDIUM): The setup instructions perform a remote download of a binary package using wget from a GitHub repository (obsidianmd/obsidian-releases). While GitHub is a known platform, the specific organization is not on the trusted list, and binary installation via shell scripts is a common attack vector.
  • Indirect Prompt Injection (LOW): The skill is designed to read untrusted data from Obsidian notes via commands like obsidian read and obsidian search.
      • Ingestion points: Files read from the Obsidian vault.
      • Boundary markers: None identified; note content is processed directly.
      • Capability inventory: File modification (obsidian create, obsidian append), plugin management, and arbitrary JS execution (obsidian eval).
      • Sanitization: No evidence of sanitization or instruction filtering for note content.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:27 PM