todoist-due-drafts

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to the way it processes external data to generate automated email drafts.
      • Ingestion points: The skill retrieves data from multiple untrusted sources, including Todoist task descriptions (todoist-cli), meeting summaries/transcripts (granola and grain tools), and existing Gmail threads (gog).
      • Boundary markers: The instructions do not define boundary markers or delimiters to separate the retrieved external content from the agent's instructions, nor do they provide the agent with guidance to ignore potentially malicious commands embedded in that content.
      • Capability inventory: The skill possesses significant capabilities, including the ability to create Gmail drafts, execute command-line tools via the shell, and send notifications via WhatsApp.
      • Sanitization: There is no evidence of content validation or sanitization for the meeting transcripts or task descriptions before they are used to generate the context for email drafting.
  • [COMMAND_EXECUTION]: The skill relies extensively on executing local CLI tools and shell scripts to perform its automation tasks.
      • Evidence: It executes various tools including todoist-cli, mcporter, and gog, and runs local Python utility scripts (skill_log.py, cron_canary.py) located within the user's workspace. It also sources environment variables directly from a .env file.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 07:54 AM