The Agent Skills Directory

[DATA_EXFILTRATION]: The upload script (upload_to_drive.py) defaults to setting document permissions to 'anyone' with the link as a 'writer'. While documented as a feature, this insecure default could lead to accidental exposure of sensitive information if the user does not explicitly use the --no-share flag.\n- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing pandoc via trusted package managers (Homebrew, Chocolatey, etc.) and official GitHub releases. These sources are considered well-known and reliable.\n- [COMMAND_EXECUTION]: The workflow involves executing local system commands to run pandoc and the upload_to_drive.py script. These operations are restricted to the intended purpose of document conversion and management.\n- [CREDENTIALS_UNSAFE]: OAuth2 client secrets and session tokens are stored in the local file system within the user's home directory (~/.config/markdown-to-docx/). Users should be aware that these credentials are saved locally for session persistence.\n- [PROMPT_INJECTION]: The skill processes user-provided markdown files (INPUT.md) which may contain indirect prompt injections. Ingestion points: INPUT.md. Capability inventory: uses pandoc for conversion and upload_to_drive.py for network uploads to Google Drive. No explicit boundary markers or sanitization steps are defined for the input content.

publish-to-google-docs