second-brain

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted data from various locations within a user's Obsidian vault and uses that data to drive core logic (Inbox Processing and Daily Planning). Combined with its file-modification capabilities, this creates a high-severity vulnerability surface.
      • Ingestion points: All files within the user-specified vault directory, specifically 00-Inbox/, 01-Projects/, and 02-Areas/.
      • Boundary markers: Absent; the agent is instructed to parse and obey structural elements (tags, headers) directly from the text of the notes.
      • Capability inventory: Full Read, Write, Edit, Glob, and Grep access across the vault structure.
      • Sanitization: None; the skill lacks any mechanisms to sanitize or escape content before it is processed by the agent.
  • Command Execution (MEDIUM): The skill utilizes agent tools like Glob and Grep on file paths provided by the user. A manipulated vault path stored in Memory or environment variables could lead to directory traversal or exposure of files outside the intended vault scope.
  • Persistence Mechanisms (LOW): The configuration guide in config/README.md recommends that users add environment variables to their shell profiles (e.g., ~/.bashrc, ~/.zshrc) to persist the vault path configuration, which is a common but persistent system modification.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:01 PM