The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides an obsidian eval command which allows the agent to execute arbitrary JavaScript code within the context of the running Obsidian application. This dynamic execution capability represents a significant security risk if the agent is manipulated into running malicious scripts.- [DATA_EXFILTRATION]: The skill enables broad access to read vault content (obsidian read, obsidian search), capture visual data (obsidian dev:screenshot), and inspect UI elements (obsidian dev:dom). These tools allow access to potentially sensitive local information that could be exposed or exfiltrated if the agent is also granted network permissions.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the user's Obsidian vault.
Ingestion points: Commands like obsidian read and obsidian search in SKILL.md bring external file content into the agent's context.
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided documentation.
Capability inventory: The agent has high-privilege capabilities including arbitrary JS execution via obsidian eval and file modification via obsidian create and obsidian append (all in SKILL.md).
Sanitization: There is no evidence of sanitization or validation of the content retrieved from the vault before processing.

obsidian-cli