The Agent Skills Directory

DATA_EXFILTRATION (HIGH): The skill is designed to extract highly sensitive information from private sources including conversation history (recent_chats, conversation_search), Supabase databases, and GitHub repositories. This data is then formatted into a dashboard and deployed to an external Cloudflare Pages URL (https://life-os-aiy.pages.dev/), which constitutes a significant data exfiltration risk.
COMMAND_EXECUTION (HIGH): Implementation logic specifically references the execution of 'scripts/deploy.sh' for deployment purposes. This indicates the agent is required to run shell commands to manage infrastructure, which could be leveraged for malicious purposes if the agent is hijacked.
PROMPT_INJECTION (HIGH): The skill has a large attack surface for Indirect Prompt Injection (Category 8) because it processes over 190 past conversations and external repository data. * Ingestion points: Data is pulled from private chat history, GitHub commit logs, and Supabase tables. * Boundary markers: There are no delimited boundaries or instructions to ignore commands within the ingested data. * Capability inventory: The skill possesses high-privilege capabilities including file modification, shell script execution, and network deployment. * Sanitization: No sanitization or filtering is performed on external content, allowing malicious instructions in past chats to potentially hijack the analysis or deployment process.

biddeed-2025-complete-analysis