The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the obsidian CLI to read from and write to the local file system (Obsidian vault). It also executes custom JavaScript snippets within a browser session via Chrome DevTools to automate UI interactions (clicking Material UI chips) and scrape student grades. These capabilities provide significant access to local data and browser control.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from lesson transcripts ({上課日期}原始逐字稿) and external web pages to generate parent-facing reports. Evidence chain: 1. Ingestion points: Local Obsidian transcripts and orangeapple.co web pages. 2. Boundary markers: None identified. 3. Capability inventory: File system access via obsidian CLI and JS execution via Chrome DevTools. 4. Sanitization: No sanitization or validation of the transcript content is performed before processing. Malicious instructions hidden in transcripts could influence the agent's summary or command execution.- [EXTERNAL_DOWNLOADS]: The skill fetches data from corp.orangeapple.co and exam.orangeapple.co. While necessary for the skill's purpose, this is the entry point for the untrusted data processed in later stages.

orangeapple-class-report