The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands via curl and npx. It uses secure patterns, such as temporary JSON files created with JSON.stringify, to prevent shell injection from user-provided content.
[EXTERNAL_DOWNLOADS]: It fetches and executes the vendor's CLI tool (@opentil/cli) from the npm registry for self-updates and image processing. These are vendor-owned resources used for intended functionality.
[CREDENTIALS_UNSAFE]: Manages personal access tokens stored in ~/.til/credentials. The skill documentation and implementation specify restricted file permissions (chmod 600) to protect these secrets.
[PROMPT_INJECTION]: The skill analyzes conversation history to suggest entries. This behavior is gated by explicit user confirmation and follows strict content guidelines to ensure insights are self-contained and desensitized.

til