The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses a Bash heredoc in Phase 8 to execute sqlite3 commands. The values for the SQL INSERT statement, including the description field, are interpolated from external sources like GitHub PR titles and Outlook meeting subjects. If these external sources contain malicious payloads (e.g., shell metacharacters or SQL injection strings), it could lead to arbitrary command execution on the host system.
[DATA_EXFILTRATION]: The skill aggregates sensitive workplace data, including project mappings, personal notes, GitHub activity, and Outlook calendar events. While the intended use is for filling time entries in a legitimate service (Intervals Online), the centralized collection and processing of this data by an AI agent creates a potential exfiltration vector if the instructions were modified or the agent misdirected.
[DYNAMIC_EXECUTION]: The workflow dynamically generates JavaScript payloads (ENTRIES array) to be executed via browser automation. While this is the primary mechanism of the skill, the interpolation of untrusted strings from GitHub and Outlook into these scripts without explicit sanitization routines poses a risk of script injection within the browser context.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from GitHub (PR titles/bodies) and Outlook (meeting subjects).
Ingestion points: GitHub activity JSON (via read-github-activity) and Outlook calendar events (via read-outlook-calendar).
Boundary markers: The skill implements a 'Mandatory Safety Gate' (Phase 3.5) requiring a preview and explicit user confirmation before any browser automation occurs.
Capability inventory: File system access, browser automation (select_page, evaluate_script), and shell execution (sqlite3).
Sanitization: No explicit sanitization or escaping of external content is defined before it is interpolated into the SQL commands or browser scripts.

intervals-time-entry