skills/amit-t/skills/wisdom-capture/Gen Agent Trust Hub

wisdom-capture

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as git commit and git add using dynamic content.
      • Evidence: SKILL.md Step 9 defines a command git commit -m "wisdom: <category> — <body first 60 chars>..." where the category and body are derived from user-provided or externally-scraped text. If the agent does not properly escape these variables, it creates a potential command injection surface.
      • Evidence: SKILL.md also references the execution of a wisdom_find_dup command to check for duplicates.
  • [PROMPT_INJECTION]: The skill processes untrusted external data which could contain indirect prompt injection attacks.
      • Ingestion points: SKILL.md Step 2 (URL enrichment) and Step 11 (URL import flow) ingest web page titles, authors, yt-dlp metadata, Whisper transcripts, and social media comments.
      • Boundary markers: The skill implements human-in-the-loop validation; the agent is instructed to "Confirm with user" in Step 5 and to show a candidate body for user editing or approval in Step 11.4.
      • Capability inventory: The agent can write to the local file system, execute shell commands (Git), and utilize web tools (Playwright, yt-dlp).
      • Sanitization: No explicit automated sanitization or boundary markers are described in the instructions to the agent; the workflow relies on manual user verification.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve data from external URLs.
      • Evidence: SKILL.md describes using yt-dlp, Playwright, and other web tools to fetch metadata and content from user-provided links to enrich the wisdom corpus.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 02:20 PM