markdown-vault-sync

SUSPICIOUS: the skill is broadly aligned with Obsidian vault syncing, but it expands scope by requiring a second skill and by letting agents synthesize from arbitrary project content while writing into the vault. The main risk is transitive trust plus prompt-injection exposure from untrusted repository text, not overt malware or credential theft.