The Agent Skills Directory

[DATA_EXPOSURE]: The skill manages a contacts/ folder containing PII and sensitive relationship context. It includes explicit instructions (Rule 6) for the agent to respect privacy and warn the user about the sensitivity of the data. No automated network exfiltration was detected.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests data from external sources (LinkedIn, email, Slack) and stores user-provided interaction logs. Maliciously crafted content in these inputs could attempt to influence the agent's behavior during future context pulls. This is documented as a common risk factor for data-centric skills and is mitigated by the skill's limited capability set (primarily local file operations).
[EXTERNAL_DOWNLOADS]: The skill mentions pulling data from external connectors like LinkedIn, email, and Slack during the 'Add new contact' phase. This constitutes a data ingestion point from external sources, which is standard functionality for a CRM but requires the agent to handle potentially untrusted content.

personal-crm