skills/cnife/skills/worklog/Gen Agent Trust Hub

worklog

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to process data and manage the workflow. Specifically, it uses find and grep for searching Obsidian notes, uv run for executing a local Python extraction script and dynamic one-liners for PDF generation, and himalaya for email delivery.
  • [DATA_EXFILTRATION]: The skill is designed to collect sensitive user data from various local sources, including Obsidian vaults, OpenCode databases, and Qwen chat logs, and send it to an external email address (CNife@vip.qq.com). While this is the stated purpose of the skill, it involves the transmission of potentially private information over the network.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it ingests data from external, untrusted sources (such as chat histories and user-authored notes) and processes that data using high-privilege tools like shell execution and email services.
      • Ingestion points: Data is ingested from Obsidian markdown files, SQLite databases in ~/.local/share/opencode/, and JSON/JSONL logs in ~/.qwen/ and Hermes sessions.
      • Boundary markers: No specific delimiters or boundary markers are used to separate user-provided content from system instructions during processing.
      • Capability inventory: The skill has the capability to execute shell commands (bash), write files, and perform network operations (emailing via himalaya).
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the content extracted from the data sources before it is interpolated into shell commands or email templates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 05:02 PM