tiangong-wiki-skill

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently invokes system commands using child_process.spawn, spawnSync, and execFileSync to perform core operations:
      • Installing and updating agent skills through the npx skills add command chain.
      • Extracting text content from PDF files using system utilities such as mdls and strings in src/core/vault.ts.
      • Performing Git operations (commit, push, rev-parse) within the workspace in src/daemon/git-journal.ts.
      • Opening files, directories, or URLs using the host operating system's default handlers like open, xdg-open, or rundll32.exe in src/utils/process.ts.
  • [DYNAMIC_EXECUTION]: The application dynamically loads binary SQLite extensions (libsimple.dylib, libsimple.so, or simple.dll) at runtime. These paths are programmatically computed in src/core/sqlite-extensions.ts based on the detected operating system and CPU architecture.
  • [INDIRECT_PROMPT_INJECTION]: The skill implements an agentic workflow that ingests untrusted data from 'vault' files (PDF, Word, PPTX, etc.). While the skill uses structured JSON manifests and schema validation for the agent's output, the combination of processing untrusted content and having capabilities like command execution and file system modification creates a potential surface for indirect prompt injection attacks.
  • [EXTERNAL_DOWNLOADS]: The skill provides mechanisms to fetch and install additional functionality from external sources, specifically GitHub repositories, during the setup and skill management processes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 03:48 AM