The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/vault_bridge.py contains a critical command injection vulnerability in the update_properties_cli function. It utilizes subprocess.run with shell=True on a command string constructed via f-strings. This string incorporates the file_name and property value variables without any sanitization. An attacker who can control note titles or frontmatter values in a processed Obsidian vault could execute arbitrary shell commands on the host system.
[DATA_EXFILTRATION]: The skill implements automated scanning of local Obsidian vaults via scripts/vault_bridge.py and scripts/pkg_gkg_diff.py. This process ingests untrusted data from Markdown frontmatter into analytics YAML files that are then injected into the agent's context. This creates a surface for indirect prompt injection, where malicious instructions hidden in a vault could influence the agent's behavior. Additionally, sensitive data extracted during these scans could be inadvertently exposed in the agent's context or sent via the integrated ob sync command.
[EXTERNAL_DOWNLOADS]: The skill depends on external CLI tools such as obsidian, ob (obsidian-headless), and obsidian-vault-manager. While these are documented as part of the Obsidian integration ecosystem, their execution involves network synchronization and the potential for remote data transmission to the Obsidian Sync service.

obsidian-learning-path