Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The skill explicitly instructs the agent to write files into a specific local Obsidian vault path on the user's machine without any confirmation, warning, or sandboxing. This creates an unauthorized local file modification risk: an invoked skill could overwrite notes, create persistent artifacts, or leak sensitive business content into an unintended local location.
