The Agent Skills Directory

[DATA_EXFILTRATION]: The skill implements a workflow that reads local files via the Read tool and private workspace content via notion-fetch. This content is then used to generate HTML slide decks which are deployed to public Cloudflare Workers subdomains using wrangler deploy. This creates a significant risk of accidental data exposure if sensitive local files (e.g., configuration files, private notes) are used as input.
[COMMAND_EXECUTION]: The skill uses several powerful CLI tools to perform its tasks. It executes wrangler deploy to push content to the internet, infsh to run remote AI models, and open to trigger local browser execution. These commands operate on generated content and local paths, which could be manipulated if the agent's logic is compromised.
[EXTERNAL_DOWNLOADS]: The skill triggers the execution of remote AI models via infsh app run falai/flux-dev-lora for image generation. This represents the execution of external code/logic that is not verified as part of the skill's own package.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted external sources.
Ingestion points: The skill uses FirecrawlScrapeTool, FetchYoutubeTranscriptTool, and FetchYoutubeCommentsTool to ingest data from the public web and social media.
Boundary markers: Absent. There are no instructions for the agent to use delimiters or to ignore potential instructions embedded within the scraped text.
Capability inventory: The agent has the ability to write to the local filesystem (/tmp/), deploy to the network (wrangler), and create Notion pages (notion-create-pages).
Sanitization: None. Scraped content is directly analyzed and summarized to form the backbone of the generated presentation, allowing instructions hidden in web pages or comments to influence the final output or tool usage.

presentation