The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of the curl utility to interact with the tl;dv API and jq for parsing and filtering JSON responses.
[DATA_EXFILTRATION]: The skill transmits the user's TLDV_TOKEN credential via the x-api-key header to https://pasta.tldv.io. While tldv.io is the domain of a well-known meeting recording service, the use of the pasta subdomain is unconventional and contradicts the official documentation link provided, which typically references api.tldv.io.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of external meeting data. (1) Ingestion points: Meeting transcripts and summaries are fetched from external servers and loaded into the agent context. (2) Boundary markers: No delimiters or instructions are used to isolate untrusted content from agent instructions. (3) Capability inventory: The skill has the capability to perform network requests and write to the local filesystem. (4) Sanitization: No sanitization or validation is performed on the transcripts or highlights before processing.
[EXTERNAL_DOWNLOADS]: Meeting recordings are downloaded from the tl;dv service to the /tmp directory using the curl command with the -L flag.

tldv