The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (MEDIUM): The SKILL.md file explicitly lists 'eval' as an available developer diagnostic command. If the agent accepts unsanitized user input to be used with this command, it could lead to arbitrary code execution within the context of the Obsidian application.\n- [COMMAND_EXECUTION] (MEDIUM): The automation recipes in 'references/automation-recipes.md' and 'SKILL.md' use shell loops to process file paths. While double-quoted, this pattern remains susceptible to command injection if filenames contain characters designed to break shell syntax.\n- [COMMAND_EXECUTION] (LOW): The script 'scripts/collect_obsidian_help.sh' dynamically generates commands by parsing the output of 'obsidian --help'. While localized to help commands, this dynamic execution of computed strings is a risky pattern.\n- [INDIRECT_PROMPT_INJECTION] (LOW): 1. Ingestion points: Note titles, paths, and content read via 'obsidian read' or 'obsidian files'. 2. Boundary markers: Absent. 3. Capability inventory: Full file manipulation, property setting, and execution of Obsidian internal commands via CLI. 4. Sanitization: None; the skill lacks validation for data read from the vault before using it in subsequent CLI commands.

obsidian-cli-automation