biweekly-collector

Fail

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell-based tools including osascript for interacting with Apple Calendar, git for reviewing local repository changes in the plrom directory, and reminders-cli for accessing completed tasks.
  • [DATA_EXFILTRATION]: Accesses sensitive local directories containing personal daily notes within the Obsidian iCloud directory (~/Library/Mobile Documents/iCloud~md~obsidian/Documents/Note/Archives/日记(Daily)/). It also makes network requests to Pinboard, Douban, and the vendor-specific RSS feed tg.niracler.com. While these actions support the skill's primary function of material collection, the combination of reading private diary data and accessing external networks represents a data exposure surface.
  • [EXTERNAL_DOWNLOADS]: Fetches content from external RSS feeds (Douban, Telegram) and the Pinboard API to consolidate various digital activity logs for the biweekly report.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external RSS feeds and local daily notes (Steps 2a, 2c, 2d), creating an indirect prompt injection surface (Category 8). No boundary markers or sanitization routines are documented that would prevent the agent from following malicious instructions embedded in the ingested data. The skill can execute shell commands and write to the filesystem, so those capabilities are within reach of any injected instructions the agent follows.
  • [REMOTE_CODE_EXECUTION]: An automated scan flagged a potential remote code execution via curl ... | python3. Technical analysis confirms this is a false positive; the command in SKILL.md pipes data into a locally-defined, inline Python script for XML parsing rather than executing arbitrary code downloaded from a remote server.
Recommendations
  • HIGH: Downloads and executes remote code from: https://tg.niracler.com/rss.xml - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 2, 2026, 12:50 AM