skills/espennilsen/pi/weekly-review/Gen Agent Trust Hub

weekly-review

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to gather context, including ls to list notes, git log to summarize coding activity across multiple local projects, and sqlite3 to query a specific local database (SKILL.md).
  • [DATA_EXFILTRATION]: The skill accesses sensitive personal and professional data stored in the user's home directory. This includes personal notes in an Obsidian vault (/Users/espen/Library/CloudStorage/OneDrive-Espennilsen.net/2-Areas/Digital_Life/Obsidian/e9n), source code history in /Users/espen/Dev/, and application data in a SQLite database (SKILL.md).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted local data (SKILL.md).
      • Ingestion points: Daily notes and git commit history are read into the agent's context.
      • Boundary markers: Absent; the skill does not define delimiters or specific instructions to ignore embedded commands within the gathered data.
      • Capability inventory: Shell command execution (ls, git, sqlite3) and the ability to write new files to the user's filesystem (SKILL.md).
      • Sanitization: Absent; there is no mechanism described to validate or sanitize the content retrieved from the filesystem before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 03:32 PM