pp-fathom
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of a CLI tool via npx from the @mvanhorn npm scope and via go install from a GitHub repository owned by mvanhorn. These sources match the vendor context provided for the skill.
- [DATA_EXFILTRATION]: The fathom-pp-cli includes a --deliver webhook: flag. This feature allows the tool to POST its output (which may contain sensitive meeting transcripts, summaries, and action items) to an arbitrary external URL. This represents a capability for data exfiltration if the agent is directed to use a malicious URL.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from meeting transcripts and AI-generated summaries.
  - Ingestion points: Data is retrieved from the Fathom API or local SQLite store via commands like meetings, get-summary, and get-transcript in SKILL.md.
  - Boundary markers: The instructions do not define clear delimiters or 'ignore' instructions when processing these transcripts.
  - Capability inventory: The skill has access to the Read Bash tool, allowing it to execute arbitrary shell commands.
  - Sanitization: There is no mention of sanitization or filtering of the meeting content before it is processed by the agent.
Audit Metadata