viva-llm

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reveals a hardcoded local absolute file path in the References section: /Users/mikhail/Obsidian/vivax/.obsidian/plugins/viva-llm/.caliber/summary.json. This exposes the user's local username and internal directory structure.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection (Category 8) due to its core functionality of processing vault content with powerful tools.
      • Ingestion points: Reads content from the active Obsidian note, processes the entire vault context during voice sessions, and performs screen captures for vision tasks.
      • Boundary markers: Uses a simple role-based markdown format (# role: user/assistant) which may be easily bypassed by instructions embedded within vault notes.
      • Capability inventory: Includes an 'open integrated terminal' command, 'agent mode' with a high recursion depth of 20, and support for dynamic MCP tool discovery.
      • Sanitization: There is no evidence of sanitization, escaping, or explicit 'ignore instructions' delimiters for data fetched from the vault or external tools.
  • [COMMAND_EXECUTION]: The skill explicitly provides a command to 'Open integrated terminal' (open-integrated-terminal) and 'Send active note context to terminal' (send-active-note-context-to-terminal), which allows for arbitrary command execution within the user's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 02:49 PM