meeting-brief

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It retrieves data from untrusted external sources (LinkedIn profiles, GitHub profiles, and web search results) and interpolates this content directly into prompts for the AI agent in scripts/generate_brief.js and scripts/research_person.js.
      • Ingestion points: Meeting attendee names and descriptions from Google Calendar (scripts/check_calendar.sh), and biographical data from web/GitHub searches (scripts/research_person.js).
      • Boundary markers: The prompts in generate_brief.js lack clear delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings when processing the research JSON object.
      • Capability inventory: The skill possesses the ability to send emails via Gmail, post to Slack webhooks, and execute shell commands via scripts/run_daily.sh.
      • Sanitization: There is no evidence of sanitization, escaping, or filtering of the external content before it is processed by the LLM.
  • [COMMAND_EXECUTION]: The orchestration script scripts/run_daily.sh and the calendar utility scripts/check_calendar.sh execute multiple subprocesses, including python3, node, gcalcli, and curl. The skill's workflow requires the agent to execute shell commands directly to manage data files and research steps.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external tools and CLI utilities, specifically gcalcli for calendar access and gh (GitHub CLI) for repository research. While these are common tools, they represent external dependencies that must be managed by the host environment.
  • [DATA_EXFILTRATION]: Exfiltrating data is inherent to the skill's design: it reads sensitive calendar information and sends research summaries to external endpoints via Gmail and Slack webhooks. While this aligns with the skill's primary purpose, the lack of input sanitization creates a risk where malicious external data could influence the content or recipients of these communications.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 06:03 PM