temporal-cortex-scheduling

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation process for the '@temporal-cortex/cortex-mcp' package includes a postinstall script that downloads a platform-specific Rust binary from an external GitHub repository (github.com/temporal-cortex/mcp). This binary is executed on the host system to perform calendar operations.
  • [EXTERNAL_DOWNLOADS]: The skill fetches executable artifacts and configuration from temporal-cortex.com and GitHub releases. These sources are not recognized as trusted vendors or well-known services in the analysis scope.
  • [CREDENTIALS_UNSAFE]: The skill requires access to '~/.config/temporal-cortex/credentials.json', which stores sensitive OAuth tokens for Google Calendar, Microsoft Outlook, and CalDAV providers. These credentials are read by the downloaded third-party binary.
  • [DATA_EXFILTRATION]: In 'Platform Mode', the skill initiates network requests to 'api.temporal-cortex.com'. This communication channel could be used to transmit data from the host machine to a third-party server.
  • [PROMPT_INJECTION]: The skill processes untrusted calendar data (summaries and descriptions) from external providers, which serves as an indirect prompt injection surface.
      1. Ingestion: Event data is fetched from external APIs via 'list_events'.
      2. Boundary markers: The documentation mentions a 'sanitization firewall' but does not specify delimiters to isolate external content.
      3. Capability inventory: The skill has state-changing capabilities via 'book_slot' and 'request_booking'.
      4. Sanitization: A server-side sanitization firewall is claimed to filter malicious patterns, though its effectiveness against sophisticated injections is unverified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 14, 2026, 04:19 PM