The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes git commands (add, commit, push) to maintain version control over the user's paper database. These operations are strictly controlled by user configuration flags (GIT_COMMIT_ENABLED and GIT_PUSH_ENABLED) and are limited to the specific paths defined in the environment.
[DATA_EXFILTRATION]: The skill accesses and indexes the user's local Obsidian vault (using VAULT_PATH, NOTES_PATH, and CONCEPTS_PATH) to match new papers with existing knowledge. It also reads from /tmp/daily_papers_enriched.json. All file operations are localized to the user's system and support the skill's primary function of note management.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted paper data (titles, authors, and summaries) from /tmp/daily_papers_enriched.json. This data is directly interpolated into markdown outputs and history files without explicit sanitization or boundary markers. While this poses a risk of the agent adopting instructions embedded within paper metadata, the behavior is inherent to the skill's primary purpose of summarizing external content. Ingestion points include the /tmp/daily_papers_enriched.json file. Boundary markers for untrusted content are absent. The skill's capability inventory includes file reading, writing, and shell execution (git). Sanitization of the input data is not explicitly defined in the instructions.

daily-papers-review