schedule-with-outlook

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation instructs users to install the @rarefriend-ai/mcp package using the npx package runner. This package is an external dependency from a third-party source not included on the trusted vendor list.
  • [COMMAND_EXECUTION]: The setup instructions provide shell commands (e.g., claude mcp add) that execute the npx command to download and run third-party code. This pattern of downloading and immediately executing external code carries inherent risk.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from Microsoft Outlook and Exchange APIs (emails, contacts, and calendar events) which could contain malicious instructions designed to manipulate the AI agent's behavior (Indirect Prompt Injection).
      • Ingestion points: Data enters the agent context through tools like search_contacts, get_upcoming_microsoft_events, and search_microsoft_emails as described in SKILL.md.
      • Boundary markers: No explicit delimiters or safety instructions are provided to the agent to treat external content as untrusted data.
      • Capability inventory: The skill includes write capabilities such as create_microsoft_calendar_event, create_note, and add_tag which could be exploited if malicious instructions are processed from external data.
      • Sanitization: There are no descriptions of data validation or sanitization logic in the skill's operational instructions.
  • [PROMPT_INJECTION]: The presence of a skill-report.json file that provides a pre-calculated 'low' risk verdict and authoritative safety claims constitutes metadata poisoning. This file is intended to influence the outcome of security assessments and bypass standard analysis protocols.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 16, 2026, 07:25 AM
Security Audit — agent-trust-hub — schedule-with-outlook