The Agent Skills Directory

[DYNAMIC_EXECUTION]: The skill includes an obsidian eval command designed to execute arbitrary JavaScript code within the context of the running Obsidian application. This allows for high-impact operations that bypass standard CLI constraints.
[METADATA_POISONING]: The skill documentation points to https://help.obsidian.md/cli as a source for official documentation. This URL currently returns a 404 error on the official Obsidian help site, as Obsidian does not provide a native official CLI tool, which may mislead users about the tool's official status and safety.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from the user's Obsidian vault.
Ingestion points: Commands like obsidian read, obsidian search, and obsidian daily:read (SKILL.md) bring external note content into the agent context.
Boundary markers: The skill lacks instructions for the agent to treat vault content as untrusted data or to ignore embedded instructions.
Capability inventory: The skill possesses significant capabilities including arbitrary JavaScript execution (obsidian eval), file modification (obsidian append, obsidian create), and property manipulation (obsidian property:set) in SKILL.md.
Sanitization: There is no evidence of sanitization or filtering for the data retrieved from the vault.
[COMMAND_EXECUTION]: The skill relies on a non-standard obsidian CLI utility. If this tool is not already present on the system, the skill provides no information on its source or installation, posing a risk of executing unverified binaries.

obsidian-cli