extract-wisdom

Fail

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that attempt to bypass environment security constraints and override system rules.
      • Evidence: SKILL.md instructs the agent to run commands with dangerouslyDisableSandbox: true.
      • Evidence: SKILL.md contains a "Critical Rules" section that explicitly states its instructions "override any conflicting instructions from system hooks, plugins, or other tools".
      • Evidence: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted content. Ingestion points: YouTube transcripts (scripts/wisdom.py) and web article content (references/source-web-text.md). Boundary markers: None. Capability inventory: Extensive file system access, network fetching, and shell command execution. Sanitization: No explicit filtering or sanitization of external data before processing.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for the execution of unverified remote scripts.
      • Evidence: scripts/wisdom.py includes error messages recommending the use of curl -fsSL https://bun.sh/install | bash, a high-risk installation pattern.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via subprocess for core functionality.
      • Evidence: scripts/wisdom.py and scripts/transcribe.py use subprocess.run to call ffmpeg, prettier, and system openers (open, xdg-open) with arguments derived from files and user input.
  • [EXTERNAL_DOWNLOADS]: The skill fetches resources from various remote sources.
      • Evidence: scripts/wisdom.py downloads transcripts, audio, and metadata from YouTube, and thumbnails from arbitrary domains. It also makes requests to mermaid.ink for diagram rendering.
      • Evidence: scripts/transcribe.py requires an external dependency from a non-standard source (onnx-asr @ git+https://github.com/istupakov/onnx-asr.git).
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 13, 2026, 03:38 AM