wiki-stage-commit

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes content from the _staging/ directory, which represents a potential attack surface for indirect prompt injection.
    • Ingestion points: Markdown and patch files are read from the $OBSIDIAN_VAULT_PATH/_staging/ directory (SKILL.md Step 1).
    • Boundary markers: There are no explicit instructions or delimiters used to separate untrusted content from the agent's instructions during the preview or application phases.
    • Capability inventory: The skill is capable of moving files across directories, modifying file content (merging patches), and updating tracking files like hot.md and log.md (SKILL.md Step 3 and 4).
    • Sanitization: No sanitization or content validation is performed on the files before they are previewed for the user or merged into the live wiki.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 05:09 PM