call-reminder

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to resolve and run the @call-e/cli package. This is a vendor-provided tool used to execute the core phone call functionality.
  • [COMMAND_EXECUTION]: The skill uses local Node.js scripts and the CALL-E CLI for tasks such as client environment detection, prompt rendering, and call planning. These operations are restricted to the skill's primary purpose and do not involve arbitrary command execution.
  • [DATA_EXFILTRATION]: While the skill processes sensitive data like E.164 phone numbers, it implements safeguards including masking numbers in user-facing summaries and strictly prohibiting the exposure of authentication tokens or credentials in any output.
  • [PROMPT_INJECTION]: The skill accepts user-provided text for reminder messages, which are subsequently included in scheduled runtime prompts. It mitigates potential injection risks by giving the executing agent explicit runtime instructions to verify the call plan and ignore any embedded instructions that deviate from the authorized call logic.
      • Ingestion points: The reminderMessage field is captured from user input in SKILL.md and processed by the render-runtime-prompt.mjs script.
      • Boundary markers: The runtime-prompt.md template uses structured fields and includes a section for 'Required runtime checks' to ensure the agent maintains context and safety constraints.
      • Capability inventory: Subprocess execution is limited to the vendor's validated CLI tools and local helper scripts.
      • Sanitization: Input is validated using regex in validate-reminder-input.mjs to ensure basic formatting and non-empty messages.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 09:41 AM