Gen Agent Trust Hub security audit: skills/davekilleen/dex/setup

Verdict: Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE

Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script at .scripts/meeting-intel/install-automation.sh to configure background tasks.
  • [EXTERNAL_DOWNLOADS]: The skill triggers npm install, which downloads and installs external packages from the npm registry without specifying a version-locked manifest in the provided instructions.
  • [REMOTE_CODE_EXECUTION]: The setup process establishes a persistent background synchronization mechanism that runs every 30 minutes, creating a long-term execution presence on the host system.
  • [CREDENTIALS_UNSAFE]: The skill prompts the user to paste sensitive API keys (Gemini, Anthropic, or OpenAI) directly into the conversation context. While it subsequently moves them to a .env file, the initial exposure in the chat history is a security risk.
  • [DATA_EXFILTRATION]: The skill targets and reads local application data from the Granola meeting transcription cache located at ~/Library/Application Support/Granola/cache-v*.json.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests untrusted data from public profile research and meeting transcripts.
      • Ingestion points: Reads external search results during 'Profile Research' and processes local Granola meeting cache files.
      • Boundary markers: None observed in the instructions to separate processed data from agent instructions.
      • Capability inventory: Performs file system writes (.env, System/user-profile.yaml), directory creation, and shell command execution (npm install, install-automation.sh).
      • Sanitization: No evidence of sanitization or validation of the ingested external content before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 20, 2026, 12:41 AM