invoice-generator

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions require the agent to collect and store highly sensitive information, including business tax IDs (EIN, VAT, ABN), bank transfer details, PayPal emails, and Stripe payment links. These are saved in plain-text format within invoice-config.md and individual client files in the clients/ directory, exposing them to any other process or skill with file system access.
  • [COMMAND_EXECUTION]: The skill's recurring invoice feature, as detailed in the evaluation prompts, requires the agent to 'set up a scheduled task' to auto-generate invoices on a monthly basis. This implies the use of system-level scheduling tools (such as crontab or Windows Task Scheduler), which constitutes a persistence mechanism and involves executing shell commands.
  • [PROMPT_INJECTION]: The skill is designed to ingest external data from third-party time-tracking exports (e.g., Toggl or Harvest CSV files) to populate invoice line items. This creates a surface for indirect prompt injection if the imported data contains malicious instructions meant to influence the agent's behavior.
    • Ingestion points: Reads from invoice-config.md, invoice-log.md, and user-provided CSV/time-tracking export files.
    • Boundary markers: None. The instructions do not specify the use of delimiters or warnings to ignore instructions within the imported data.
    • Capability inventory: File system writes (PDF, MD), and potential system command execution for task scheduling.
    • Sanitization: There are no instructions provided for validating or sanitizing the content of the imported time-tracking files before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 08:20 PM