obsidian-vault
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The file SKILL.md contains a hardcoded API key (d4fc944e64f535df05b34c2e8596c4e3eaffc6dfd5b5ee15e76789a4ab96698a) for authenticating with the Obsidian Local REST API. Hardcoding credentials in skill definitions is unsafe as it exposes sensitive access keys to any user or system capable of reading the skill configuration.
- [COMMAND_EXECUTION]: The skill utilizes shell commands including curl, cat, find, and grep to interact with the local filesystem and the Obsidian API. This creates a risk of command injection if parameters like filenames, search terms, or paths are constructed using unsanitized input.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) due to its interaction with external data sources.
  - Ingestion points: Notes and metadata retrieved from the Obsidian vault via the Local REST API or direct filesystem access.
  - Boundary markers: None; the instructions do not provide delimiters or safety warnings to help the agent distinguish between note content and executable instructions.
  - Capability inventory: The skill possesses full create, read, update, and delete (CRUD) capabilities via the Local REST API (PUT, POST, PATCH, DELETE operations) and extensive read/search capabilities through shell utilities.
  - Sanitization: No sanitization, validation, or escaping of vault content is defined before the data is processed by the agent.
Recommendations
- AI detected serious security threats