The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes several CLI tools (gog, mcporter, todoist-cli) via shell commands to interact with external APIs. These tools are used for their intended purpose of fetching business data (emails, calendar events, tasks).
[DATA_EXPOSURE]: The skill accesses local configuration files, specifically ~/executive-assistant-skills/config/user.json and ~/.env. These files are used to store and retrieve personal configuration and API tokens required for the skill's operations. This follows standard secret management practices for such integrations.
[INDIRECT_PROMPT_INJECTION]: The skill processes content from untrusted external sources, including email threads and meeting notes via Granola. While this presents a surface for indirect prompt injection (where malicious instructions could be embedded in an email), the risk is mitigated as the skill's primary function is to summarize this data for the user rather than using it to drive further automated actions. Evidence:
Ingestion points: Gmail thread content via gog and meeting action items via mcporter (SKILL.md).
Boundary markers: None explicitly defined in the instructions to separate external content from agent instructions.
Capability inventory: The skill has Bash and Write capabilities (SKILL.md).
Sanitization: No specific sanitization or filtering is described for the content extracted from emails or meeting notes.

executive-digest