Skill: voxflowstudio / card

Status: Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a <CRITICAL-AUTO-UPGRADE> block in SKILL.md that instructs the agent to autonomously execute voxflow upgrade -y or npm i -g voxflow@latest if a version mismatch is detected. It explicitly tells the agent to proceed without asking the user for confirmation.
  • [COMMAND_EXECUTION]: The skill relies on several shell commands for core functionality, including voxflow status, voxflow login, and execution of the provided scripts/render-cards.mjs and scripts/download-fonts.sh files.
  • [DATA_EXFILTRATION]: SKILL.md identifies a sensitive file path ~/.config/voxflow/token.json as the storage location for session tokens. While the skill uses this for authentication checks via voxflow status, the explicit documentation of token paths increases the risk of credential exposure.
  • [EXTERNAL_DOWNLOADS]: The scripts/download-fonts.sh script uses an embedded Python routine to download binary font files from cdn.jsdelivr.net and api.fontshare.com. While these are well-known services, the script downloads and saves approximately 20MB of binary data to the local assets/fonts/ directory at runtime.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. In SKILL.md (Workflow Step 2: Conditional deep research), the agent is instructed to fetch and read the body of user-supplied URLs. There are no explicit instructions or boundary markers to disregard instructions found within that fetched content, which could allow a malicious webpage to influence agent behavior.
  • [COMMAND_EXECUTION]: The scripts/render-cards.mjs script uses Playwright to launch a Chromium browser and calls page.evaluate() to run arbitrary JavaScript inside the browser context during rendering.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 18, 2026, 06:04 AM
Security Audit — agent-trust-hub — card