wiki-synthesize

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the grep command to search the vault using concept names and vault paths derived from local configuration. If a concept name or page title contains shell metacharacters (such as ;, &, or |), it could lead to arbitrary command execution on the host machine when the shell command is constructed.
  • [CREDENTIALS_UNSAFE]: The instructions direct the agent to read ~/.obsidian-wiki/config or .env to retrieve configuration. While the intended purpose is to find the OBSIDIAN_VAULT_PATH, .env files are standard locations for sensitive API keys, tokens, and other secrets which would be exposed to the agent.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests and processes all markdown files within the user's vault. Maliciously crafted notes containing specific instructions could attempt to influence the agent's behavior during the scanning or drafting phases.
  • Ingestion points: Every non-special markdown file in the Obsidian vault (Step 1).
  • Boundary markers: No specific delimiters or safety warnings are implemented to separate user-provided content from the skill's instructions.
  • Capability inventory: Shell execution via grep, file read/write access to the entire vault, and update capability for special index and log files.
  • Sanitization: No sanitization or escaping is performed on the links, tags, or content extracted from vault pages before they are used in commands or logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 8, 2026, 01:10 PM