meeting-brief
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests untrusted data from external sources (LinkedIn, GitHub, and web searches) and interpolates it directly into AI prompts for brief generation.
  1. Ingestion points: Meeting descriptions from Google Calendar (scripts/check_calendar.sh) and attendee profile data from web/GitHub searches (scripts/research_person.js).
  2. Boundary markers: Absent. The scripts/generate_brief.js script stringifies the research JSON into the prompt without using specific delimiters or 'ignore' instructions for the model.
  3. Capability inventory: The agent has access to the gmail skill for sending emails and the curl command for Slack notifications.
  4. Sanitization: No sanitization or validation of the content retrieved from external profiles or calendar descriptions is performed.
- [DATA_EXFILTRATION]: The skill transmits research data to external endpoints via a Slack webhook in scripts/send_slack.sh. While intended for user notifications, this mechanism provides a path for data to leave the local environment to any URL configured in config.json.
- [COMMAND_EXECUTION]: The orchestration relies on several shell and Node.js scripts. scripts/run_daily.sh functions as a generator that outputs a series of shell commands for the agent to execute sequentially, which is a complex execution pattern.