NYC

my-context-sync

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references an external MCP server at 'https://mcp.granola.ai/mcp'. As this is not a trusted source, the server could provide malicious tool definitions or return data designed to manipulate the agent's logic.
  • [COMMAND_EXECUTION] (MEDIUM): In the execution flow, the skill explicitly directs the agent to run a script named 'fireflies_fetch.py'. This script is missing from the skill's file list, which introduces a dependency on unverified local files and may lead to unauthorized command execution if an attacker can place a file with that name on the system.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: Reads content from Slack channels, Notion databases, and Granola meeting notes via MCP tools.
      • Boundary markers: None. There are no delimiters or instructions provided to the agent to disregard instructions found within the gathered data.
      • Capability inventory: The agent has file system write access, sub-agent spawning (Task), and the ability to interact with Slack and Notion APIs.
      • Sanitization: None. Instructions embedded by third parties in Slack messages or Notion pages could be interpreted as commands during the sync process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:16 PM