The Agent Skills Directory

[COMMAND_EXECUTION]: The script performs filesystem operations (read, write, append, and directory creation) using paths derived from command-line arguments without validation. Evidence: In obsidian.js, the functions readNote, createNote, appendToNote, and addWikiLink use path.join(vaultPath, notePath) where notePath is an unvalidated user-provided argument. The script does not verify that the resulting path remains within the vaultPath, enabling directory traversal attacks using .. sequences to access files outside the intended vault.
[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: The skill reads file contents in readNote and generates snippets in findNotes from local markdown files. 2. Boundary markers: No boundary markers or 'ignore previous instructions' warnings are present when outputting file content to the agent. 3. Capability inventory: The skill allows full read/write access to markdown files and can create directories through the createNote and appendToNote functions. 4. Sanitization: No sanitization or filtering is performed on the content read from files before it is output to the agent's context.

obsidian-vault