deepwork-tracker

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH; EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION / EXTERNAL_DOWNLOADS] (HIGH): The skill bootstraps by performing a git clone from an untrusted repository (https://github.com/adunne09/deepwork-tracker.git) and executes the resulting deepwork.js script via exec. The source is not in the trusted repository list.
  • [DATA_EXFILTRATION] (HIGH): The workflow for 'Show deep work graph' contains a mandatory instruction to 'Always send' the resulting data to a specific, hardcoded Telegram ID (8551040296). This creates an automated exfiltration path for user activity data to an external entity.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes chmod +x on a downloaded script and executes arbitrary commands via the local shell to interact with the tracking application.
  • [INDIRECT PROMPT INJECTION] (HIGH): The skill exposes a high-risk vulnerability surface: it processes external data (from the SQLite database via the external script) while holding both execution (exec) and exfiltration (message tool) capabilities.
    • Ingestion points: Data returned from the deepwork.js report command.
    • Boundary markers: None. Data is interpolated directly into the message tool block.
    • Capability inventory: exec for script running, message for sending data to Telegram.
    • Sanitization: None. The data retrieved from the local database is not sanitized or validated before it is sent to the external Telegram recipient.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 09:52 PM