wow-digest

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive user data from the personal Vault directory (~/Brains/brain/), specifically targeting My Focus.md, recent Daily/*.md notes, and ai-research/*.md files. This personal content is then sent to an external LLM via the llm command-line tool for scoring and analysis.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to interact with external CLI tools including gws (to manage Gmail messages), tg.py (to fetch Telegram posts), and llm. These tools operate with significant permissions over the user's communication accounts.
  • [EXTERNAL_DOWNLOADS]: The skill depends on manually installed external components not managed by standard package managers, specifically the gws CLI and the telegram-telethon script library located in the user's home directory.
  • [PROMPT_INJECTION]: Untrusted content from external emails and Telegram messages is interpolated into a scoring prompt, creating an indirect prompt injection surface.
      • Ingestion points: Untrusted data enters via scripts/ingest.py from Gmail and Telegram sources.
      • Boundary markers: The prompt template in config/wow_prompt.txt lacks clear delimiters or protective instructions for the {candidates} data block.
      • Capability inventory: The system has capabilities for shell command execution (subprocess.run) and local file modification (appending to daily notes).
      • Sanitization: There is no evidence of sanitization or filtering of external content before it is passed to the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 02:08 PM