discover-vault-entities
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. It reads file names and metadata (aliases) from an Obsidian vault, which is considered untrusted data. This data is then used to build a catalog or passed to CLI tools, potentially allowing malicious content in the vault to influence the agent.
  - Ingestion points: Files located in Projects/, Persons/, Topics/, Coding/, and Meetings/ folders within the vault root.
  - Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from following directions found within the vault files.
  - Capability inventory: Filesystem reads and execution of qmd and obsidian CLI tools.
  - Sanitization: No sanitization is performed on names or aliases extracted from files before they are interpolated into queries.
- [COMMAND_EXECUTION]: The skill executes external CLI tools (qmd and obsidian). It specifically interpolates extracted entity names into the qmd query command using the {name} placeholder. If a file name or alias contains shell injection characters or malicious payload strings, it could potentially trigger unintended actions depending on how the CLI tool or the underlying shell handles the input.
Audit Metadata