wilma-triage
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill utilizes local CLI tools (`wilma`, `gog`) to manage school data and calendar events. These operations are consistent with the skill's stated purpose and follow standard configuration patterns using user-managed credential files.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data from school notifications. However, this is intrinsic to the triage functionality and no malicious instructions or bypass attempts were found within the skill's own code.
  - Ingestion points: School messages and news fetched via the `wilma` CLI tool as described in the workflow section.
  - Boundary markers: The skill does not implement specific delimiters (e.g., XML tags or backticks) to wrap external content, which is a standard risk for triage agents.
  - Capability inventory: The agent can write to Google Calendar using the `gog` CLI and output summaries to the user chat.
  - Sanitization: Content is summarized and filtered based on keyword rules before presentation.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute specific CLI commands (`wilma`, `gog`). These are limited to the intended functionality of the skill and do not include arbitrary user-input injection into shell contexts.
Audit Metadata