obsidian
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | EXTERNAL_DOWNLOADS | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- Data Exposure (HIGH): The skill instructions direct the agent to read sensitive configuration data from `~/Library/Application Support/obsidian/obsidian.json`. This file contains metadata and absolute paths for all vaults, which could be exploited if the agent is compromised.
- Unverifiable Dependencies (MEDIUM): The installation instructions utilize a third-party Homebrew tap (`yakitrak/yakitrak/obsidian-cli`). This source is not within the defined trusted organizations or repositories, posing a supply chain risk.
- Indirect Prompt Injection (HIGH): The skill possesses a significant vulnerability surface where malicious instructions embedded in Obsidian notes can influence agent behavior.
  - Ingestion points: Content is ingested via `obsidian-cli search-content` and direct reading of `.md` files.
  - Boundary markers: There are no boundary markers or instructions to treat note content as untrusted data.
  - Capability inventory: The skill provides the ability to `create`, `move`, and `delete` files, as well as perform direct edits.
  - Sanitization: No sanitization or validation of the note content is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata