wecom-smartsheet
Fail
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute arbitrary JavaScript code within a logged-in browser session. This code interacts with internal, undocumented application objects (e.g., `window.getPreloadedTablesManager`) to extract data directly from memory.
- [DATA_EXFILTRATION]: The skill provides mechanisms to extract complete table records, field structures, and sensitive user metadata (e.g., `getUserInfo`, `getUserMap`, which return user IDs, names, and corporate affiliations) from an enterprise environment. It explicitly states its purpose is to "bypass the official API restriction" that limits document access to only those created by the user.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface.
  - Ingestion points: Reads arbitrary cell data via `table.getCell(rid, fid)` in `SKILL.md`.
  - Boundary markers: None present; data is directly interpolated and processed.
  - Capability inventory: Access to browser memory, ability to return structured data to the agent, and system access through the browser tool.
  - Sanitization: Minimal truncation (`substring(0, 4000)`) with no content filtering or instruction escaping.
Recommendations
- AI detected serious security threats
Audit Metadata