biz-ops-setup

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill's components, including PowerShell scripts and agent templates, align with the stated purpose of business operations management and local workspace automation.
  • [COMMAND_EXECUTION]: The skill includes PowerShell scripts such as Initialize-BizOpsWorkspace.ps1 and Deploy-BizOpsTemplates.ps1 for environment setup. The general-worker agent template utilizes run/terminal tools, and the report-generator agent is configured to run git commands for activity logging. These actions are within the expected scope of the skill's local management tasks.
  • [DATA_EXFILTRATION]: The skill interacts with Microsoft 365 services through the workIQ MCP server to collect activity data like emails and calendar events. This data is used locally for report generation and task updates within the workspace, following the user's existing access permissions.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by syncing data from external sources such as OneDrive and Git repositories via the Check-ExternalFolders.ps1 script.
      • Ingestion points: Data is pulled from external paths configured in _datasources/external-paths.md into the workspace _inbox folders.
      • Boundary markers: Not present in the provided templates for processing synchronized external content.
      • Capability inventory: The workspace agents have capabilities for file manipulation (editFiles), terminal command execution (run/terminal), and M365 interaction.
      • Sanitization: File types and extensions are filtered in the PowerShell sync script, but the agent instructions do not explicitly define content sanitization for instructions embedded within the synced documents.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 09:24 AM