obsidian-cli

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill exposes an obsidian eval command that allows the agent to execute arbitrary JavaScript code within the context of the Obsidian application. This is a powerful dynamic execution feature intended for plugin development but represents a security risk if mismanaged.
  • [COMMAND_EXECUTION]: The skill uses a local obsidian CLI tool to perform various operations, including file creation (create), reading (read), and searching (search). The agent's ability to run these shell commands provides access to the user's local Obsidian vault.
  • [DATA_EXFILTRATION]: Through commands like obsidian read, obsidian search, and obsidian dev:screenshot, the agent can access sensitive data stored in the user's notes and application interface.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
      • Ingestion points: Data enters the context from potentially untrusted notes via obsidian read and obsidian search (SKILL.md).
      • Boundary markers: There are no instructions to the agent to treat vault content as untrusted or to use delimiters to prevent instruction override.
      • Capability inventory: The skill possesses high-impact capabilities such as arbitrary code execution (obsidian eval) and file system modification (obsidian create, obsidian append) (SKILL.md).
      • Sanitization: There is no documented validation or sanitization of note content before it is processed or used in subsequent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 16, 2026, 10:10 AM