skills/briansunter/mankey/anki-ai-cli/Gen Agent Trust Hub

anki-ai-cli

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute the anki-ai package using npx, which involves downloading and running code from the npm registry.
  • [EXTERNAL_DOWNLOADS]: The storeMediaFile tool supports downloading media content from arbitrary external URLs provided in the tool parameters.
  • [DATA_EXFILTRATION]: Multiple tools provide access to the local filesystem using absolute paths, which could be leveraged to read or write data beyond the Anki media folder.
      • The storeMediaFile tool can read from a local file path.
      • The retrieveMediaFile tool returns the content of media files in base64 format.
      • exportPackage, importPackage, and guiImportFile tools accept absolute filesystem paths for operations.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes content from the user's Anki collection which may originate from untrusted external sources.
      • Ingestion points: Tools such as notesInfo, cardsInfo, findNotes, and findCards ingest collection data.
      • Boundary markers: None identified in the tool schemas or instructions.
      • Capability inventory: The skill possesses filesystem read/write access (storeMediaFile, exportPackage), network connectivity (sync, URL-based media storage), and application control (guiExitAnki).
      • Sanitization: There is no documentation suggesting the validation or sanitization of data retrieved from the Anki collection before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 12:17 AM