doc-vault-save
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands by interpolating variables from the conversation context. While path variables are sanitized, the content body is passed directly as an argument, requiring the execution environment to handle shell escaping safely.
  - Evidence: Step 5 and Step 6 utilize `notesmd-cli` with interpolated variables such as `{frontmatter + body}` and `{topic}`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from conversation history and persists it to the local filesystem.
  - Ingestion points: Conversation content is detected and extracted in Step 1 to determine the note type and body.
  - Boundary markers: Absent; there are no explicit delimiters used to wrap the saved content or instructions for the agent to ignore instructions embedded within the data.
  - Capability inventory: The skill possesses the capability to read, write, and surgically edit files within the Obsidian vault via `notesmd-cli` and the Edit tool.
  - Sanitization: Employs strict slugging rules for filenames (kebab-case, lowercase, no special characters, max 60 chars) in Step 2, which serves as a mitigation against path traversal and command injection via filenames.
Audit Metadata