The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and processes the content of untrusted user files (Inbox items and Daily Notes) to determine logic, such as file classification, destination folders, and link creation.
Ingestion points: The skill reads files from the inbox folder (01 Inbox/) and daily notes (00 Daily/YYYY/) to analyze their purpose and topic.
Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the files being processed.
Capability inventory: The agent has the capability to move files between folders, modify file content (adding frontmatter and wiki-links), and create new log files.
Sanitization: No sanitization or validation of the input content is specified; the agent relies on its own analysis of the text to drive its actions.
Mitigation: The skill includes a robust 'Confirmation Protocol' that requires the agent to present a plan to the user and obtain explicit approval before applying any changes to the vault.

weekly-review