Obsidian CLI
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill bundle documents the official Obsidian CLI, which includes highly risky developer commands such as `obsidian eval` and `obsidian dev:cdp method="Runtime.evaluate"` (documented in SKILL.md). These commands allow arbitrary JavaScript execution within the Obsidian Electron application, providing a direct remote code execution (RCE) vector if an AI agent is prompted to execute untrusted input. Furthermore, the `obsidian plugin:install` command allows downloading and executing arbitrary community plugins, which also presents a significant RCE risk. While these are documented features of the Obsidian CLI, their exposure via an AI agent skill creates a critical vulnerability to prompt injection and potential system compromise.
